Atozed Forums Atozed Software Products IntraWeb English IntraWeb General Discussion v
Recycle the webpool

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Recycle the webpool
Mikael Nilsson Offline
Member
***
Posts: 84
Threads: 29
Joined: May 2018
Reputation: 0
Location: Sweden
#1
04-02-2023, 04:43 PM
Hi,

If I recycle the webpool. Why do the users get a EExpiredSession instead of a EInvalidAppId?
Find
Reply
Alexandre Machado Offline
Administrator
*******
Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand
#2
04-07-2023, 01:44 AM
Basically because they still have a valid cookie in the browser that "looks like" a SessionID, however the session doesn't exist on server side. In previous versions (IIRC, before IW 15.1) we used to raise an EInvalidAppId for everything but this behavior changed over time.
Find
Reply
Mikael Nilsson Offline
Member
***
Posts: 84
Threads: 29
Joined: May 2018
Reputation: 0
Location: Sweden
#3
04-07-2023, 09:14 AM
(04-07-2023, 01:44 AM)Alexandre Machado Wrote: Basically because they still have a valid cookie in the browser that "looks like" a SessionID, however the session doesn't exist on server side. In previous versions (IIRC, before IW 15.1) we used to raise an EInvalidAppId for everything but this behavior changed over time.

Hi,

I'm strongly against shoving wrong information to the users.
If one user loggs in and after one minute I recycle the webpool.
That user will get a EExpiredSession. And of course he knows it can't be true.
So in this case I think a better exception should be raise.
Find
Reply
Alexandre Machado Offline
Administrator
*******
Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand
#4
04-07-2023, 09:16 PM
It's not wrong information. There is no bullet proof way for IntraWeb to say if

1) the session has expired 24 hours ago,
2) the application pool has been recycled, or
3) someone is trying to break into the application crafting a special request and using an invalid cookie.

Internally all cases above look the same.
The most frequent scenario under normal circumstances is case (1) above. That's why it is the preferred response. EInvalidAppId is currently being used when IW detects for sure that the session ID is indeed invalid.
Find
Reply
Mikael Nilsson Offline
Member
***
Posts: 84
Threads: 29
Joined: May 2018
Reputation: 0
Location: Sweden
#5
04-07-2023, 09:38 PM
(04-07-2023, 09:16 PM)Alexandre Machado Wrote: It's not wrong information. There is no bullet proof way for IntraWeb to say if

1) the session has expired 24 hours ago,
2) the application pool has been recycled, or
3) someone is trying to break into the application crafting a special request and using an invalid cookie.

Internally all cases above look the same.
The most frequent scenario under normal circumstances is case (1) above. That's why it is the preferred response. EInvalidAppId is currently being used when IW detects for sure that the session ID is indeed invalid.

Ok I understand. But for me it is not correct to say it is a EExpiredSession when Intraweb can't decide what is exactly wrong.
As I said before the users are very confused and contact our support frequently. 
Is it possible to create a new execption type which e.g. describes that the connection has unexpectedly disappeared.

I don't need an answer to this. I just want you to consider the possibility.
Find
Reply
Alexandre Machado Offline
Administrator
*******
Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand
#6
04-07-2023, 10:37 PM
Yes, I'll give it a thought.
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)