Alaska Software Inc. - Problems with session management

	Author	Topic: Problems with session management
	Thomas Braun	Problems with session management on Wed, 25 Oct 2006 15:28:06 +0200 Hi, I'm running an event registration site with WAA and I'm using the built-in session management of WAA. At the beginning of the registration process I'm creating a unique random session key which is stored via SetCargo() and passed on to the next registration page via SetVar(): IF nStep = 1 .AND. EMPTY(cSession) cSession := RandomPass(64) oCon:SetCargo("SESSION", cSession) ENDIF oH:SetVar( "SESSION", cSession ) On every following registration step, I check if the session key from the "cargo" is the same as the key on the page itself: LOCAL cSession := oH:GetVar( "SESSION" ) ... IF ! EMPTY(cSession) .AND. VALTYPE(oCon:GetCargo("SESSION")) == "C" IF cSession != oCon:GetCargo("SESSION") If the two keys do not match, I send an email to the administrator (= me Recently, I have quite a lot of session errors and I'm wondering what could cause this... any ideas? Just a few minutes ago I got the following error, alos related to the session management: Invalid datatype for index key CONTEXT:GETCARGO(240) REGSAVE(2323) WAATRANSACT:EXECUTE(295) SERVEJOB(313) SERVEJOBPROTECTION(205) But only from one client, several others where registering at the same time without problems - I deleted waa1srv.dbf/fpt/cdx, hoping this cures the problem. Does anyone know how exactly the session logic works with WAA? I suppose the WAA sends a cookie to the browser on oContext:OpenSession() I also think the session data is stored in waa1srv.dbf/fpt/cdx regards, Thomas
	Vladimir Iahnenco	Re: Problems with session management on Wed, 25 Oct 2006 10:29:26 -0400 Thomas, I have never got this errors. I check if user browser support cookies. When we start WAA, we define a global var DtoS(Date())+Time()+Whatever. When a user logs in, we send a cookie myCookie=MyGlobalVar. Next session we check if this cookie exists and equal to MyGlobalVar. Your issue probably because of multiple computers with the same IP, also I got some complains that some applications do no allow to send cookies or interfere ith them in some way. I recall we had some issues with HTML:SetCookie, so I set them in a bit different way. Email me if you need any piece of source. Regards, Vladimir "Thomas Braun" <spam@software-braun.de> wrote in message news:1pxl229epqbuq.abzcwuc7283$.dlg@40tude.net... > Hi, > > I'm running an event registration site with WAA and I'm using the built-in > session management of WAA. > > At the beginning of the registration process I'm creating a unique random > session key which is stored via SetCargo() and passed on to the next > registration page via SetVar(): > > IF nStep = 1 .AND. EMPTY(cSession) > cSession := RandomPass(64) > oCon:SetCargo("SESSION", cSession) > ENDIF > > oH:SetVar( "SESSION", cSession ) > > On every following registration step, I check if the session key from the > "cargo" is the same as the key on the page itself: > > LOCAL cSession := oH:GetVar( "SESSION" ) > ... > IF ! EMPTY(cSession) .AND. VALTYPE(oCon:GetCargo("SESSION")) == "C" > IF cSession != oCon:GetCargo("SESSION") > > If the two keys do not match, I send an email to the administrator (= me > > > Recently, I have quite a lot of session errors and I'm wondering what > could > cause this... any ideas? > > Just a few minutes ago I got the following error, alos related to the > session management: > > Invalid datatype for index key > > CONTEXT:GETCARGO(240) > REGSAVE(2323) > WAATRANSACT:EXECUTE(295) > SERVEJOB(313) > SERVEJOBPROTECTION(205) > > But only from one client, several others where registering at the same > time > without problems - I deleted waa1srv.dbf/fpt/cdx, hoping this cures the > problem. > > Does anyone know how exactly the session logic works with WAA? > > I suppose the WAA sends a cookie to the browser on oContext:OpenSession() > > I also think the session data is stored in waa1srv.dbf/fpt/cdx > > regards, > Thomas

Author

Topic: Problems with session management

Problems with session management
on Wed, 25 Oct 2006 15:28:06 +0200

Hi,

I'm running an event registration site with WAA and I'm using the built-in 
session management of WAA.

At the beginning of the registration process I'm creating a unique random
session key which is stored via SetCargo() and passed on to the next
registration page via SetVar():

   IF nStep = 1 .AND. EMPTY(cSession)
      cSession := RandomPass(64)
      oCon:SetCargo("SESSION", cSession)
   ENDIF

   oH:SetVar( "SESSION", cSession )

On every following registration step, I check if the session key from the
"cargo" is the same as the key on the page itself:

LOCAL cSession := oH:GetVar( "SESSION" )
...
   IF ! EMPTY(cSession) .AND. VALTYPE(oCon:GetCargo("SESSION")) == "C"
      IF cSession != oCon:GetCargo("SESSION")

If the two keys do not match, I send an email to the administrator (= me


Recently, I have quite a lot of session errors and I'm wondering what could
cause this... any ideas?

Just a few minutes ago I got the following error, alos related to the
session management:

Invalid datatype for index key

     CONTEXT:GETCARGO(240)
     REGSAVE(2323)
     WAATRANSACT:EXECUTE(295)
     SERVEJOB(313)
     SERVEJOBPROTECTION(205)

But only from one client, several others where registering at the same time
without problems - I deleted waa1srv.dbf/fpt/cdx, hoping this cures the
problem.

Does anyone know how exactly the session logic works with WAA?

I suppose the WAA sends a cookie to the browser on oContext:OpenSession()

I also think the session data is stored in waa1srv.dbf/fpt/cdx

regards,
Thomas

Vladimir Iahnenco

Re: Problems with session management
on Wed, 25 Oct 2006 10:29:26 -0400

Thomas,
I have never got this errors.
I check if user browser support cookies. When we start WAA, we define a 
global var DtoS(Date())+Time()+Whatever. When a user logs in, we send a 
cookie myCookie=MyGlobalVar. Next session we check if this cookie exists and 
equal to MyGlobalVar.

Your issue probably because of multiple computers with the same IP, also I 
got some complains that some applications do no allow to send cookies or 
interfere ith them in some way.

I recall we had some issues with HTML:SetCookie, so I set them in a bit 
different way. Email me if you need any piece of source.

Regards,
Vladimir

"Thomas Braun" <spam@software-braun.de> wrote in message 
news:1pxl229epqbuq.abzcwuc7283$.dlg@40tude.net...
> Hi,
>
> I'm running an event registration site with WAA and I'm using the built-in
> session management of WAA.
>
> At the beginning of the registration process I'm creating a unique random
> session key which is stored via SetCargo() and passed on to the next
> registration page via SetVar():
>
>   IF nStep = 1 .AND. EMPTY(cSession)
>      cSession := RandomPass(64)
>      oCon:SetCargo("SESSION", cSession)
>   ENDIF
>
>   oH:SetVar( "SESSION", cSession )
>
> On every following registration step, I check if the session key from the
> "cargo" is the same as the key on the page itself:
>
> LOCAL cSession := oH:GetVar( "SESSION" )
> ...
>   IF ! EMPTY(cSession) .AND. VALTYPE(oCon:GetCargo("SESSION")) == "C"
>      IF cSession != oCon:GetCargo("SESSION")
>
> If the two keys do not match, I send an email to the administrator (= me
> 
>
> Recently, I have quite a lot of session errors and I'm wondering what 
> could
> cause this... any ideas?
>
> Just a few minutes ago I got the following error, alos related to the
> session management:
>
> Invalid datatype for index key
>
>     CONTEXT:GETCARGO(240)
>     REGSAVE(2323)
>     WAATRANSACT:EXECUTE(295)
>     SERVEJOB(313)
>     SERVEJOBPROTECTION(205)
>
> But only from one client, several others where registering at the same 
> time
> without problems - I deleted waa1srv.dbf/fpt/cdx, hoping this cures the
> problem.
>
> Does anyone know how exactly the session logic works with WAA?
>
> I suppose the WAA sends a cookie to the browser on oContext:OpenSession()
>
> I also think the session data is stored in waa1srv.dbf/fpt/cdx
>
> regards,
> Thomas