Recycle the webpool
#1
Hi,

If I recycle the webpool, why do the users get an EExpiredSession instead of an EInvalidAppId?
Reply
#2
Basically because they still have a valid cookie in the browser that "looks like" a SessionID, however the session doesn't exist on server side. In previous versions (IIRC, before IW 15.1) we used to raise an EInvalidAppId for everything but this behavior changed over time.
Reply
#3
(04-07-2023, 01:44 AM)Alexandre Machado Wrote: Basically because they still have a valid cookie in the browser that "looks like" a SessionID, however the session doesn't exist on server side. In previous versions (IIRC, before IW 15.1) we used to raise an EInvalidAppId for everything but this behavior changed over time.

Hi,

I'm strongly against shoving wrong information to the users.
If one user logs in and after one minute I recycle the webpool.
That user will get an EExpiredSession. And of course he knows it can't be true.
So in this case I think a better exception should be raised.
Reply
#4
It's not wrong information. There is no bulletproof way for IntraWeb to say if

1) the session has expired 24 hours ago,
2) the application pool has been recycled, or
3) someone is trying to break into the application crafting a special request and using an invalid cookie.

Internally all cases above look the same.
The most frequent scenario under normal circumstances is case (1) above. That's why it is the preferred response. EInvalidAppId is currently being used when IW detects for sure that the session ID is indeed invalid.
Reply
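A minimal model of the lookup described in post #4, added here as an illustration; it is not IntraWeb code and was not posted by anyone in the thread. The `SessionStore` class, the 32-hex-character ID format, the format check standing in for "detects for sure", and the 600-second timeout are all assumptions.

```python
import re
import secrets

# Assumed cookie shape for this model (32 hex chars), not IntraWeb's real format.
ID_FORMAT = re.compile(r"[0-9a-f]{32}")


class SessionStore:
    """In-process session table; it is lost when the worker process restarts."""

    def __init__(self, timeout_s=600):
        self.timeout_s = timeout_s
        self.sessions = {}  # session id -> time of last access (seconds)

    def create(self, now):
        sid = secrets.token_hex(16)
        self.sessions[sid] = now
        return sid

    def recycle(self):
        # Application pool recycle: the new process starts with an empty table.
        self.sessions = {}

    def classify(self, cookie, now):
        # Timed-out sessions are deleted outright; no tombstone is kept.
        for sid in [s for s, t in self.sessions.items() if now - t > self.timeout_s]:
            del self.sessions[sid]
        if not ID_FORMAT.fullmatch(cookie):
            return "EInvalidAppId"    # provably not an ID this server issued
        if cookie not in self.sessions:
            return "EExpiredSession"  # unknown ID: expired, recycled or forged
        self.sessions[cookie] = now
        return "OK"


def demo():
    store = SessionStore(timeout_s=600)
    old = store.create(now=0)
    r1 = store.classify(old, now=24 * 3600)    # case 1: expired 24 hours ago
    fresh = store.create(now=24 * 3600)
    alive = store.classify(fresh, now=24 * 3600 + 30)
    store.recycle()                            # case 2: pool recycled after login
    r2 = store.classify(fresh, now=24 * 3600 + 60)
    r3 = store.classify(secrets.token_hex(16), now=24 * 3600 + 60)  # case 3: forged
    r4 = store.classify("not-a-session-id", now=24 * 3600 + 60)
    return alive, r1, r2, r3, r4


if __name__ == "__main__":
    print(demo())
```

In this model the only state the server has is the table, so a well-formed ID that is missing from it yields the same result in all three cases.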
#5
(04-07-2023, 09:16 PM)Alexandre Machado Wrote: It's not wrong information. There is no bulletproof way for IntraWeb to say if

1) the session has expired 24 hours ago,
2) the application pool has been recycled, or
3) someone is trying to break into the application crafting a special request and using an invalid cookie.

Internally all cases above look the same.
The most frequent scenario under normal circumstances is case (1) above. That's why it is the preferred response. EInvalidAppId is currently being used when IW detects for sure that the session ID is indeed invalid.

Ok, I understand. But for me it is not correct to say it is an EExpiredSession when IntraWeb can't decide what is exactly wrong.
As I said before, the users are very confused and contact our support frequently.
Is it possible to create a new exception type which e.g. describes that the connection has unexpectedly disappeared?

I don't need an answer to this. I just want you to consider the possibility.
Reply
#6
Yes, I'll give it a thought.
Reply