Session Stickiness Issue

Similar Messages

• Session Stickiness

  Can anyone advise if I can do this with Vshield?  I am getting thins from a developer hosting on some servers in our data center.
  We need to maintain session stickiness for users as they switch back and forth between http and https.  Is it possible to do this with a method other than IP hash?  We would like to avoid IP hash because of concerns of it not working for companies with multiple gateways/proxies and/or mobile users who may switch networks during a session.
  Thank you in advance
  Todd

  Hello,
  If they are talking about a web server session, then that is entirely up to the web server unless you are using vCNS load balancing, then I do not think so. Session stickiness between protocols I do not think is supported but this is something you will have to test. The best thing to do in this case is attempt it, and see if things work as the developer expected. If in the webserver, that is a webserver issue, in the LB, then a vCNS issue.
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009-2015
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• How to do http session stickiness based on URL patterns?

  Is there a feature within the WL plugin for Apache that would allow me to emulate the "jvmroute" session stickiness behaviour as provided by Tomcat and its plugin. I would like to have the control to tie requests from http clients to particular WLS servers in a cluster depending on the URL. For example http://foo.com/web01 requests would be forwarded to an appsererver app01 and so on. For all other requests (e.g http://foo.com/web), the WL plugin would do its normal load balancing ignoring the stickiness. From my understanding the WLS inbuilt http session stickiness is based on JSessionIDs which are exchanged using cookies - which is something i cannot use in my case since i want the stickiness based on URL patterns.
  I am using WLS 10.0 with Apache 2.2.4 on Linux.
  Thanks
  Ramdas

  Session is not replicated across all the servers in the Cluster.
  Apache knows which server to go using the JSession ID.
  There is a concept of primary and secondary, secondary is selected based on the replication groups there are configured in the cluster.
  you can configure the cluster so that /web01 requests go to different cluster, and /web requests go to different cluster.
  but you can get all the funtiionalities from the single cluster.
  Do you have any java caching that you are not able to replicate across the cluster ?(I know this can be done too).
  let me know what you are actually trying to solve by doing the behavior you explained.

• Session creation issues with DS3.2

  We are using BODS 3.2 for development. We are aware that a newer version of DS has been released quite a long time ago but due to some reasons we are still using DS 3.2.
  We are facing some session creation issues. We are using Teradata and Oracle as source and extracting\updating data using some SQLs in script tasks. SQLs are targeting huge amount of data. We executed a job and checked on the servers, sessions were created on the databases. Job kept on executing for long time and was not getting completed, there was no error also. After waiting so long, I checked on Database server and found that session was lost for these SQLs on Database servers. We are able to create a successful connection using Data Stores.
  Please suggest something, Why the sessions are not getting lost on the database servers?.
  Thanks & Regards,
  Gaurav Bansal

  ginger_11 wrote:
  Hi...I'm new to the forum.
  2 of the same phones in my household having similar issues since OS upgrade. 
  -Text automatically going to MMS when sending pics and the pics won't send.  1 phone freezes, the other acts like its sent but not sent-this phone won't load emailed pics either.
  -Keep getting notifications that passwords need updated for email accounts.
  -Facebook app won't load on 1 phone-tried deleting, pulling battery and re-installing.  Still getting "session re log-in required" but there is nowhere to load the log-in info under accounts. Getting the same message on the other phone but the app is still listed under accounts so am able to log in.
  -Both phones are randomly re-starting. Multiple times over past 3 days. 
  Any known issues like these?
  There must be some common factor why both phones are having the same problem.
  With the 10.2.1.537, the only problem I had was a few contacts merged and surnames were repeated.
  I haven't noticed any difference with the latest upgrade.
  Maybe a security wipe and restore contacts and email then one app at a time.

• Session Lost Issues

  Hello, to all expertise
  Isnt any people got face session lost issue before?
  Project Description
  Structs -> (MVC)
  Session Time Out(Web.xml)
  <session-time-out> 1hours
  Application Server
  JBoss 4
  Windows XP and Internet Explorer 6.0
  Using JDeveloper10g as IDE tools
  Trying Solutions (But also kenot resolve problems)
  1) Increase the session time out
  2) Add one class for HttpSessionListener
  a) public void sessionCreated(HttpSessionEvent se){}
  b) public void sessionDestroyed(HttpSessionEvent se){}
  If i not mistaken, the sessionCreated is when first time we go in into the page, then the sessionCreated wont be call unless there was new request or new user... What i trying to say is the sessionCreated is only be call once for one browser.. However, each time when i was doing some transaction or click on any window pop up menu like using javascript : window.showmodaldialog, or alert scriplet, it since got the session will recreated.. But the case is i cant really estimate when the
  session will recreated... Each time the session recreated, the attribute and all the value store in that particular will be lost rite?
  Further more, i declare one SessionManager.class to store all the session variable include the session id after the user success to login to the screen. Each time when the was transaction in database such as add, update, I will using the vector to store and compare whether the request.getSession().getId is same with the same the sessionid in vector or not... If there was same, then the continue the following task, if there was different between the id in request with the vector, means the session is recretead so i will send redirect to the login page...
  For the add and update transaction we will use the alert("Add success"); to inform the user the database have been success added!
  But the session lost is after 4 minutes or within 10 minutes very often it happen even the page are activate by the user...
  Isnt any one got happen this before? Isnt the alert pop up menu? or isnt the window.showModalDialog cause it?
  I didnt use any session.invalidate or any session.remoteatrribute to remove all the session stuff.. How can it will recreated new one?
  Very Thanks to have your all useful suggestion and guideline
  Thanks and best regards
  Kim;

  There is a performance penalty for using SSL, but there are solutions to address that penalty (SSL hardware acceleration). And, no, SSL doesn't prevent anyone from guessing anything, but the point of using a UUID for session tokens is to make guessing extremely difficult even with brute-force repetitive approaches.
  Dave Watts, CTO, Fig Leaf Software
  http://www.figleaf.com/
  http://training.figleaf.com/
  Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
  GSA Schedule, and provides the highest caliber vendor-authorized
  instruction at our training centers, online, or onsite.

• Sticky issue for an application configured in ACE

  Hi All,
  We are facing a strange issue with ACE. We have a sticky configured for an application in ACE.
  Sometimes the application is not working, We have to clear sticky session on ACE to fix the issue.
  Can anbody help me to troubleshoot this issue?
  Regards,
  Thiyagu

  Hi Jorge,
  Here is the sticky configuration of the application which is having issue.
  sticky ip-netmask 255.255.255.255 address source SG
    timeout 15
    serverfarm SF
  Please let me know if you need the complete configurarion.
  Regards,
  Thiyagu

• Session Timeouts issue massively frustrating

  I am getting session timeouts when logged into my netmail & trying to compose emails. It happens constantly, sometimes immediately after logging in, sometimes 5 minutes into a session, sometimes 2 minutes into a session. It is completely random timing-wise. It kicks me all the way back out to the login and I've lost whatever I've done since the last "save to draft".
  It is extremely frustrating as you can't even get a simple 10-15 line email drafted without losing work and having to log back in.
  This issue appears to be intermittent as I've had this problem off and on for months now. It will happen for a while, then stop, then start happening again.
  As a software developer by trade, I suspect someone is occassionally re-introducing the bug by using an old peice of code as a baseline, which then eventually gets fixed, only to have that same developer re-introduce the bug again later. I noticed this issue beginning when Verizon switched over to this newer netmail system from the old one (maybe a year or so ago?).
  I'm running on IE 7, in an environment where my browser and/or network does not change so the intermittent issues can't be blamed on my environment.

  Workflow #2:
  Login to my account
  Click view all email
  Open Drafts Folder
  Open draft email response
  Select "Send" to send email (total in session time of 30 seconds)
  On screen reload, where I would expect to see some sort of indication that my email was successfully sent, instead the system throws session time out message and kicks me out.
  I have no idea if my email was successfully sent or not.
  Workflow #3:
  Login to my account
  Click view all email
  Attempted to open the first new email in my inbox (total time in session <15 seconds)
  System throws session timeout error and kicks me out to the main login.
  There is obviously something going on with your session holding code. The session variable is not being passed correctly or something but it's very, very frustrating to spend 30-45 minutes trying to type out a couple of lines, particularly when you have multiple important activities going on that you need to respond too via email.

• KB2923545 remote sessions drop issue

  In our environment we have Remote Desktop Services Host running patched and up to date Windows 2008 R2 Enterprise behind Remote Desktop Gateway running Windows 2012 R2 Standard. Dual Factor
  Authentication from Windows Azure is used in our system as well.<o:p></o:p>
  We experienced following strange behavior. Users with updated Windows 7 clients can successfully authenticate against RD Gateway, receive a call from Windows Azure DFA, authenticate
  and establish remote session to RDSH. No issues while working in remote session until user need step back or minimize the active RD session window. After 120 seconds the session get dropped and reconnects immediately and the user receives another authentication
  call from DFA.<o:p></o:p>
  No errors on client side, no errors on DFA, RDG or RDSH servers, just entries that the session was disconnected and then reconnected.<o:p></o:p>
  Running Wireshark on the clients side shows that the local computer sends RST, ACK which drops connection and then immediately sends SYN to RDG server with initiates connection reestablishment
  and a call from DFA. <o:p></o:p>
  We figured out that this behavior is related to the stations with KB2923545 installed. As soon as we remove mentioned KB, no session drops.<o:p></o:p>
  Anybody experiencing the same and had found other solution then just removing windows update KB2923545? <o:p></o:p>

  Hi,
  Thank you for posting in Windows Server Forum.
  Does this happen on any particular system with specific account?
  As this KB is specific for the issue for your issue, here suggest you to install on another system or reinstall the KB after restating the system. And finally check with new user account without any permission.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Session expiration issue with parent and child window

  Hi,
  We have two applications (App1 - Implemented using JSF, Spring and Hibernate and App2 -Implemented using Spring MVC, Spring JDBC).
  I have implemented 'Test Access Content' functionality in App1.
  First admin user (Role- Manager) needs to login to App1
  As part of 'Test Access Content' functionality, he enters URL with encrypted key and click 'Test Access' button.
  It opens new window (implemented using java script - window.open) and hits spring controller of App2.
  In spring controller of App2, I am decrypting the key to get user details. After that i am setting user details in session, constructing final URL to display actual content.
  Problem is parent window maintains session till child window renders response. Once child window renders response, parent window loosing session.
  So, if i click any button in parent window after child window renders response, it displays login page as there is no session for parent window.
  Please note that App1 and App2 are sharing same domain. only context paths are different for both apps (app1 and app2).
  Any suggestions on this issue are much appreciated. Please let us know if you have any questions.

  Hi,
  When you open a child window from parent window then you can access child data in the parent window through javascript.
  We have a main web page. There are quite many links on it from which >user can open new web pages but the data is saved when the submit >button on the main page is clicked. Also data that user entered on the >other sub pages is not displayed in the main window.
  1 is this a case of parent and child window.case 1 When you are submitting the main page you need to run javascript function and get data from child windows and save that to database or session. next time when you are displaying the main window you need to query session or database to display the child window data in the main window.
  Case 2> closing child window and you need data in the parent. This can be done in two ways.
  1> When you are closing the child window populate some variables of the main window using javasript.
  2> Save the values in the database or session and refresh the main window and extract data from database or session
  Where should the data be saved that user enetered on the sub pages as the data is not shown in the main page - should it be stored in the session?It is design decision. You can store data in either session or database when you are closing the child window. But ifyou are saving the data on the main page then you can populate main page with child windows data using javascript. Save the data t database when main window data is saved. Depends on business requirements.
  In short if you are saving child windows data in session or database then you need to refresh main screen to pull that data otherwise populate main screen using javascript.
  I hope i answered your questions :) best of luck

• Session Variables Issue

  Hi, I'm putting together my first shop.
  I have built and tested on
  IE6, then upgraded to IE7 & Firefox 2 XP PRo
  IE7 XP Home
  All is well and the site works fine on the XP machines. Each
  client / Browser retaining its own shopping cart information.
  Allowing for different users to select items.
  A friend has given me 2 old machines to build a testing
  workstation for browser compatability. These are both IE6 Win98
  machnes although 1 will be changing. Despite a few layout issues
  all seemed fine. Until I added things to the shopping basket.
  It seems IE6 now (at least certainly under Win98) cannot
  persist the session data across pages. I'm not sure if this could
  be related to how they are conntected together (using a 10/100
  switch) or if there is a setting in IE6 which would prevent this
  (not sure how this would be the case) or, more worrying, am I doing
  something wrong. My session/cart information is based heavily upon
  the CFMX7 Web Application Contruction Kit example. So I'm not sure
  what I could have done wrong.
  Here is the code below. Its using NAte Wiess' own CFC and
  works perfectly in IE7 and I Think IE6 on XP
  Any suggestions.

  or if there is a setting in IE6 which would prevent this (not
  sure how
  this would be the case)
  This is a very likely concern to investigate. For sessions to
  work
  correctly, by default, cookies must be enabled in the
  browser. If the
  browser has been configured to not accept cookies, then every
  request
  made from that browser creates a new session on the server.
  If you want your sessions to work without cookies you can
  pass the CFID
  and CFTOKEN values that define an individual session through
  URL
  variables. This does take some work to make sure every link,
  form and
  any other interaction that generates a new request to the web
  server
  pass these values.
  There are aides in ColdFusion to help you with this process,
  check the
  documentation for all the fun details.

• .emix files from old sessions causing issues.

  Hi.
  Im trying to open up some old sessions from L9 and am having some issues with .emix files.
  When it opens it says its found duplicates for 12345.emix files and i choose one of them and click continue.
  It does this for a few more instruments and the the session opens.
  The EXS24 instruments have no sound coming out of them and when i go into the edit window it says .emix file.
  Any ideas what this is and how i can fix it>
  Thanks

  I managed to get my iTune catalog moved to my new iMac but I am still haveing a hard time getting my iPhoto file transfered.
  I've tried to use a exturnal drive to transfer it over but I get a error message half way through. I tried compressing it and I get a error message with that too.
  Is there a special way to transfer the iPhoto files?
  ANY help would be appriciated....

• WebEx session records issue

  Hi Guys,
  I have a problem is that when we attempt to record a webex session to be saved on WebEx server (in the cloud), using local MeetingPlace server and Webex Node, the video recording works but no audio is recorded. If we attempt to use Webex MeetingPlace numbers we record Audio and Video successfully.
  Looks like we have problems with our MeetingPlace server or Webex Node.
  If you need further clarification please let me know.

  Not sure if I understand your issue.  If you use the record on computer option it will not record audio as this uses your PC mike but it should record audio when using Record on Server option.

• Hardware load balancing with session stickiness

  Hello,
            We are looking for a hardware based solution to load balance 4
            unclustered weblogic servers. These servers are software replicas of
            each other and share a common database. We need a solution that
            provides session level server stickiness based on jsessionid as both a
            cookie and url rewrite. Currently we have Cisco load balancers which
            do not handle the url rewrite due to the fact the the load balancer
            only "sees" what is after the question mark in the url and the
            jsessionid is before the question mark. Example:
            http://somehost.com/some/url.jsp;jsessionid=26D5C566075663ABD8E17AD255974323?parm=value
            I'm sure we are not the only ones trying to do this. Any suggestions
            would be greatly appreciated.
            Thanks,
            Alan George
            

            Having worked on Cisco load balancer and WLS clustered, you would loose sessions
            when the requests are failed over.
            S
            "Shawn Kircher" <[email protected]> wrote:
            >
            >Has anyone got this type of scenario working where you load balance sticky
            >sessions
            >from a Cisco load balancer between non-clustered weblogic servers?
            >
            >Thanks,
            >
            >Shawn
            >
            >"Aravind Krishnasamy" <[email protected]> wrote:
            >>F5 or BigIp provides hardware level load balancing and it injects date
            >>inside weblogic cookie and maintains server affinity.
            >>Thanks
            >>Aravind
            >>"ageorge" <[email protected]> wrote in message
            >>news:[email protected]...
            >>> Hello,
            >>>
            >>> We are looking for a hardware based solution to load balance 4
            >>> unclustered weblogic servers. These servers are software replicas
            >>of
            >>> each other and share a common database. We need a solution that
            >>> provides session level server stickiness based on jsessionid as both
            >>a
            >>> cookie and url rewrite. Currently we have Cisco load balancers which
            >>> do not handle the url rewrite due to the fact the the load balancer
            >>> only "sees" what is after the question mark in the url and the
            >>> jsessionid is before the question mark. Example:
            >>>
            >>>
            >>http://somehost.com/some/url.jsp;jsessionid=26D5C566075663ABD8E17AD255974323
            >>?parm=value
            >>>
            >>> I'm sure we are not the only ones trying to do this. Any suggestions
            >>> would be greatly appreciated.
            >>>
            >>> Thanks,
            >>>
            >>> Alan George
            >>
            >>
            >
            

• Possible session caching issue in SSRS2014

  Using custom FormsAuth, User A can sign into our own main asp.net mvc app (WIF cookie), then SSRS (FormsAuth cookie) and all is well.  Here is where things go bad.  User A signs out of our main application (WIF cookie deleted) then back in into
  our main application as User B then back into SSRS.  SSRS report that displays User!UserID show UserA instead of current User B.  Its like there is either a session or cookie caching issue going on but not for sure.  
  1. What is the proper way to sign out of SSRS and prevent session caching?
  2. Do I need to worry about making my SSRS logon page non-cacheable?  If so, what is the recommended way of doing this?
  thanks
  scott

  Hi scott_m,
  According to your description, you used custom FormsAuthentication in Reporting Services, after user A sign out the application an sign in as user B, SSRS built-in user is shows user A instead of user B.
  Based on my search, once we configured SSRS to use Custom (Forms) authentication by deploying a custom security extension, we can logon to MS Report Manager (MSRM) using credentials of our custom security framework via a logon web page. But there is no way
  to logout or to expire the authentication cookie, so we need to close the browser manually. As a workaround, we can add a logout button to the Report Manager which is using Forms Authentication, then use code to clear the cookie and redirect to home page.
  In addition, if you extend Reporting Services to use Forms Authentication, it’s better to use Secure Sockets Layer (SSL) for all communications with the report server to prevent malicious users from gaining access to another user's cookie. SSL enables clients
  and a report server to authenticate each other and to ensure that no other computers can read the contents of communications between the two computers. All data sent from a client through an SSL connection is encrypted so that malicious users cannot intercept
  passwords or data sent to a report server.
  Here is a relevant thread you can reference:
  https://social.msdn.microsoft.com/Forums/sqlserver/en-US/5e33949d-7757-45d1-9c43-6dc3911c3ced/how-do-you-logout-of-report-manager
  For more information about Forms Authentication, please refer to the following document:
  https://technet.microsoft.com/en-us/library/aa902691%28v=sql.80%29.aspx?f=255&MSPPError=-2147217396
  If you have any more questions, please feel free to ask.
  Thanks,
  Wendy Fu
  If you have any feedback on our support, please click
  here.
  Wendy Fu
  TechNet Community Support

• JSF 1.2 Session Timeout Issue

  I am using using:
  JSF- Sun RI (1.2)
  Websphere (6.1)
  Facelets (1.?)
  RichFaces (3.3.2)
  I am having an issue with session timeouts that shows up in two different ways:
  Scenario 1) the client makes an ajax call after the session has timed out
  Scenario 2) the client makes a standard request after the session has timed out - navigating to a new page
  I seem to be able to address one or the other, but I can't seem to find a solution that fixes both scenarios.
  For Scenario 1, I have the client-side A4J.AJAX.onExpired function defined and that is currently working for session timeouts that are discovered via an ajax request.
  However, if I start making changes to try and address the other scenario, it seems to break the A4J javascript function.
  For Scenario 2, I have tried a number of suggestions that I've found online:
  1) I've tried to configure the error page in web.xml:
  <error-page>
       <exception-type>javax.faces.application.ViewExpiredException</exception-type>
       <location>/timeout.jsf</location>
  </error-page>
  However, anything I seem to try around this solution still winds up with a ViewExpiredException. I've tried to have timeout.jsf redirect to the login page and I get a ViewExpiredException on the login page when the redirect happens. I've tried to just render a timeout page with a link the user can click on to go to the login page and that fails as well.
  2) I've tried the phase listener and had little success too.
  3) I tried a NavigationHandler
  One thing I did have working, I believe, was with the phase listener approach, but I had a difficult time displaying a session timed out message upon redirect, but not the first time the user visited the page.
  I'm relatively new to JSF and probably don't understand the app life cycle well enough, I guess, but is there a solution that addresses all of these issues:
  1) works for AJAX calls
  2) works for actual navigation
  3) sends the user back to the login page with some indication as to "why", but gracefully handles the first visit to the login page (or a logout)
  Thanks for any suggestions you can offer.

  Sorry, but I have to disagree. Loading JavaScript at the beginning of your page would only make the page load slower (and "ruin" the user's experience when they see the page being loaded steadily) and also cause unforeseen issues than to leave it at the bottom of your page.
  Big companies like Google (1999), Yahoo (2000), Oracle (2001) and many others are doing the opposite to what you have said. Look at the way they load their JavaScripts and you'll see.
  It's also good practice to zip your content from the server before sending it to the client's web browser to increase performance. Of course, this will depend on whether your web browser supports methods such as gzip, deflate, etc... and whether you use HTTP or HTTPS.
  Lastly, another bad practice I often see Java programmers do is write the following all over the places:
  setString, setInt, setDouble, etcInstead of using an existing feature of Java to do the same in one procedure, as in:
  public static void setParameters(PreparedStatement preparedStatement, Object... values)
     throws SQLException
     for (int i = 0; i < values.length; i++) {
        preparedStatement.setObject(i + 1, values);
  Then just call *setParameters* whenever you need it instead of writing multiple setString, setInt, etc statements everywhere...