Session being destroyed

FZ has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

We are displaying some thumbnails on a page. For each thumbnail image, we are calling a route to get image and other details that are displayed on page. It was working fine until recently that session is being destroyed during loading of images. This happens randomly as page loads fine sometime and breaks in some cases.

We have a timeout variable in session that we compare with timeout threshold and as session is destroyed, it throws login page.

app->destroy_session and session->delete is in place in some locations but they are not triggered. No error in console trace, no error in apache logs. Also changed keepAlive, MaxKeepAliveRequests and KeepAliveTimeout in apache config to allow max numbers possible but same issue.

Can someone please guide on what else can be checked?

Comment on Session being destroyed Select or Download Code

Replies are listed 'Best First'.
Re: Session being destroyed by Corion (Patriarch) on Jun 25, 2018 at 08:07 UTC
From the outside, it's very hard to diagnose your problem, as you don't show any code and don't tell us what framework and environment you are using. Can you reduce your code to a short, self-contained example that reproduces the problem? I would assume that basically creating a fake session and then the codew to serve the thumbnail and image information should be sufficient to reproduce the problem. Are you certain that the problem is on your end? Maybe the browser(s) don't send the session cookies? Have you used `wget` or `LWP::UserAgent` to verify that the correct headers are sent and received?	[reply] [d/l] [select]
Re^2: Session being destroyed by FZ (Initiate) on Jun 27, 2018 at 05:34 UTC
We are using Perl 5 (v5.16.3) Dancer2 (0.206000) on CentOS 7. URL for getting images is like: GET http://xyz.site/library/assets/354/versions/1/thumb?proxy=300.jpg&counter=0 There is only request cookie in case it works. Which is something like: Request cookies: dancer.session WzFwlwAAbcptBdxFGkBSF1u6KnoEbIF0 For fail case there is also a response cookie and it is different: Request cookies: dancer.session WzFwlwAAbcptBdxFGkBSF1u6KnoEbIF0 Response cookies: dancer.session httpOnly true path / value WzFw_gAAbcrid2OMH0ZSxymggqHS6DKq I have also verified that a new physical dancer session file (empty) is created as soon as session is destroyed.	[reply]
Re^3: Session being destroyed by Corion (Patriarch) on Jun 27, 2018 at 07:01 UTC
So it seems that somewhere in your code, a new session gets created. Without seeing your code, it's hard to guess where that could be. Dancer2::Session doesn't list any immediate method to invalidate a session, so something else must be going on in your code. Maybe you can reduce your code to the absolute minimum to reproduce the problem and show that here?	[reply]
Re: Session being destroyed by roboticus (Chancellor) on Jun 25, 2018 at 14:38 UTC
FZ: You mention that it worked fine until recently. The first thing I'd do is to check just what changed. Either the recent change(s) caused the breakage or changed behavior enough to allow a Heisenbug to show itself. Update: fixed wikipedia link. ...roboticus When your only tool is a hammer, all problems look like your thumb.	[reply]
Re: Session being destroyed by Anonymous Monk on Jun 25, 2018 at 18:33 UTC
Successful establishment of a session requires that a `Set-Cookie:` round trip must happen between the client and the host, before any other HTTP requests arrive which referenc this same session-id. It sounds like the asynchronous HTTP requests which ask for the images are using a session-cookie that hasn't been established on the host yet ... or maybe, that do not yet have a session-id value to send. Use the browser's debuggers to carefully watch the round-trip ordering of the various HTTP exchanges. This is a fundamental HTTP-design issue which is not peculiar to Perl.	[reply]
Re^2: Session being destroyed by FZ (Initiate) on Jun 27, 2018 at 05:37 UTC
There is only request cookie in case it works. Which is something like: Request cookies: dancer.session WzFwlwAAbcptBdxFGkBSF1u6KnoEbIF0 For fail case there is also a response cookie and it is different: Request cookies: dancer.session WzFwlwAAbcptBdxFGkBSF1u6KnoEbIF0 Response cookies: dancer.session httpOnly true path / value WzFw_gAAbcrid2OMH0ZSxymggqHS6DKq I have also verified that a new physical dancer session file (empty) is created as soon as session is destroyed.	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.