Re: Session issues - In words of one syllable please :-)
sorry to resurrect an old thread, but i think i have something to add to it... the same issue has manifested itself on one of my sites about 2 days ago all of a sudden. my error handler started flooding my inbox with Session is invalid error reports at a rate of about 80-110 a day. nothing at all has changed on the server (it's a VPS which i control). from my error reports i can see that all of the errors are caused by one and the same process: the rss reader in my own Thunderbird email client trying to fetch an RSS feed from the site. The rss feed file (a cfm page) is under the global Application.cfc, so all app settings (session management etc) apply to it too. i think that may be the problem - i have no idea if/how Thunderbird works with sessions... and i also have no idea if other rss readers may be affected by this (though i suppose i would have gotten an error email about this - i guess just only me subscribed to the site's feed :( ) i have increased session-timeout setting in web.xml file and made sure the settings in cf admin do not exceed it, so will now wait and see if that helps... Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ On 17/04/2009 21:46, Paul Vernon wrote: Can someone explain why the Session is invalid null occurs? We have a site on a dedicated server running CF 8 (8,0,1,195765) Standard edition. It gets around 11,000 users a day and for the most part is issue free. I've searched HoF etc., I've read the tech notes and I've subsequently altered the session-timeout value in the web.xml config file so the timeout is larger than the session timeout in the CF admin settings. Altering the session-timeout value has *definitely reduced* this error occurring but it hasn't fixed the problem and my gut instinct is that by altering the session-timeout value I'm just hiding the problem rather than dealing with it. Prior to altering the value, the error was happening around 60 or 70 times a day, altering the value has reduced this error to a couple of times a day. I suspect increasing the session-timeout value to an even larger number will eradicate the problem but because I donât understand the mechanics of why it's happening in the first place, this solution just doesn't feel right. Also, J2EE sessions are enabled and I see the jsessionid in the headers of requests but I still see CFID and CFTOKEN values too. I may have got this wrong but I thought that the jsessionid negated the need for CFID and CFTOKEN? Any explanations as to exactly how the session cookies work and why the session null error happens in the first place are gratefully received! Paul ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325167 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Session issues - In words of one syllable please :-)
sorry to resurrect an old thread, but I think I have something to add to it... the same issue has manifested itself on one of my sites about 2 days ago all of a sudden. my error handler started flooding my inbox with Session is invalid error reports at a rate of about 80-110 a day. There were a couple of things that I did that sorted this out completely. 1. Double checked the server was using J2EE sessions. 2. Set the maximum timeouts to the same values as the default timeouts in the CF Admin. 3. Set the session-timeout in the web.xml file to a little more than the settings in CF Admin (I added 5 mins). 4. (This is the bit I was missing). Set the setClientCookies var in the application cfc/cfm to false. Because I was missing the last piece, the CFID and CFTOKEN cookies were being issued as well as JSESSIONID. This was causing clients to hold onto the CFID/CFTOKEN combination (sent to the client) when the JSESSIONID (held in server memory) had long since expired. CF was trying its best to reconcile both the CFID/CFTOKEN combination with a valid J2EE session and was failing as the J2EE session no longer existed and was null... hence the error Session is invalid null HTH Paul ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325168 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session issues - In words of one syllable please :-)
I also forgot to mention... If you access session information using the SessionFactory then you can cause this issue to occur too. But I think your specific issue is the same as mine was. Paul ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325169 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session issues - In words of one syllable please :-)
Thanks for your feedback, Paul! I think I have sorted it out. At least I have not had the usual error emails for almost 5 hours now. I should mention that I did NOT set Max and Default session timeouts to same value, but just made sure that Max timeout was less than session-timeout value in web.xml file. Still seems to have worked... Cheers, Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ On 02/08/2009 20:48, Paul Vernon wrote: sorry to resurrect an old thread, but I think I have something to add to it... the same issue has manifested itself on one of my sites about 2 days ago all of a sudden. my error handler started flooding my inbox with Session is invalid error reports at a rate of about 80-110 a day. There were a couple of things that I did that sorted this out completely. 1. Double checked the server was using J2EE sessions. 2. Set the maximum timeouts to the same values as the default timeouts in the CF Admin. 3. Set the session-timeout in the web.xml file to a little more than the settings in CF Admin (I added 5 mins). 4. (This is the bit I was missing). Set the setClientCookies var in the application cfc/cfm to false. Because I was missing the last piece, the CFID and CFTOKEN cookies were being issued as well as JSESSIONID. This was causing clients to hold onto the CFID/CFTOKEN combination (sent to the client) when the JSESSIONID (held in server memory) had long since expired. CF was trying its best to reconcile both the CFID/CFTOKEN combination with a valid J2EE session and was failing as the J2EE session no longer existed and was null... hence the error Session is invalid null HTH Paul ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325170 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session issues - In words of one syllable please :-)
Paul, You might want to check these posts: http://www.bennadel.com/blog/1535-ColdFusion-SESSION-Is-Always-Created-Even-If-OnSessionStart-Fails.htm http://www.bennadel.com/blog/1536-ColdFusion-Session-Management-And-Asynchronous-Page-Requests.htm I have had mysterious SESSION issues and I think I finally figured it out!-- Ben Nadel Adobe Community Expert Adobe Certified Advanced ColdFusion Developer Manager New York ColdFusion User Group http://www.bennadel.com Need ColdFusion Help? http://www.bennadel.com/Ask-Ben ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321737 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session issues - In words of one syllable please :-)
First, why it happens. When using J2EE sessions, the session is handled by the J2EE server (JRun in your case). JRun has an internal setting for the duration of sessions; that's controlled in the XML file. Now, CF also has its own timeouts, which control how long to keep using the same JRun session; if CF's session timeout is longer than JRun's, CF is looking for a dead JRun session and you get the invalid session error. Make sure the MAXIMUM CF session timeout setting is less than the JRun setting. Second, the JSESSION cookie is the only one used for J2EE sessions. The CFID and CFTOKEN cookies are used for client variables; you can prevent them from being set for new users with the setClientCookies setting in your application tag/cfc (set it to false). mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/4/17 Paul Vernon paul.ver...@web-architect.co.uk: Can someone explain why the Session is invalid null occurs? We have a site on a dedicated server running CF 8 (8,0,1,195765) Standard edition. It gets around 11,000 users a day and for the most part is issue free. I've searched HoF etc., I've read the tech notes and I've subsequently altered the session-timeout value in the web.xml config file so the timeout is larger than the session timeout in the CF admin settings. Altering the session-timeout value has *definitely reduced* this error occurring but it hasn't fixed the problem and my gut instinct is that by altering the session-timeout value I'm just hiding the problem rather than dealing with it. Prior to altering the value, the error was happening around 60 or 70 times a day, altering the value has reduced this error to a couple of times a day. I suspect increasing the session-timeout value to an even larger number will eradicate the problem but because I dont understand the mechanics of why it's happening in the first place, this solution just doesn't feel right. Also, J2EE sessions are enabled and I see the jsessionid in the headers of requests but I still see CFID and CFTOKEN values too. I may have got this wrong but I thought that the jsessionid negated the need for CFID and CFTOKEN? Any explanations as to exactly how the session cookies work and why the session null error happens in the first place are gratefully received ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321738 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session issues - In words of one syllable please :-)
First, why it happens. When using J2EE sessions, the session is handled by the J2EE server (JRun in your case). JRun has an internal setting for the duration of sessions; that's controlled in the XML file. Now, CF also has its own timeouts, which control how long to keep using the same JRun session; if CF's session timeout is longer than JRun's, CF is looking for a dead JRun session and you get the invalid session error. Make sure the MAXIMUM CF session timeout setting is less than the JRun setting. This is what I don't understand... I have the CF Admin settings set to 20 mins for the session life. The JSEE sessions were set at 30 mins and I saw lots of errors. I've now increased the time to 35 minutes and although the errors are reduced in number, they still happen... As you have stated the issue, the errors should not have happened in the first place with our setup and increasing the J2EE session timeout by a further 5 minutes seems like an odd way to reduce the errors we've seen but, nevertheless, that is what it has done. I'm thinking this may be a timing issue on multi-CPU deployments. I remember back in the day looking at task manager stats where the System Idle time would read close to 48 hours when the server was re-booted 24 hours previously because the clock was accounting for the idle time on both processors... I wonder if the JRun session timeout process is looking at a ticker in the system that is effectively halving/quartering etc. the entered value in relation to the number of processors in the system and causing these timing anomalies? The idea (in my mind at least) has merit. Second, the JSESSION cookie is the only one used for J2EE sessions. The CFID and CFTOKEN cookies are used for client variables; you can prevent them from being set for new users with the setClientCookies setting in your application tag/cfc (set it to false). That sorts out that bit. Thanks! Paul ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321741 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session issues - In words of one syllable please :-)
Paul, make sure you have 20 minutes for both the default and maximum settings. I had the default set at 20, but the maximum was set at 60 minutes and there ended up being 2 applications that used that maximum setting, or at least were above the default. Phil On Fri, Apr 17, 2009 at 10:56 AM, Paul Vernon paul.ver...@web-architect.co.uk wrote: First, why it happens. When using J2EE sessions, the session is handled by the J2EE server (JRun in your case). JRun has an internal setting for the duration of sessions; that's controlled in the XML file. Now, CF also has its own timeouts, which control how long to keep using the same JRun session; if CF's session timeout is longer than JRun's, CF is looking for a dead JRun session and you get the invalid session error. Make sure the MAXIMUM CF session timeout setting is less than the JRun setting. This is what I don't understand... I have the CF Admin settings set to 20 mins for the session life. The JSEE sessions were set at 30 mins and I saw lots of errors. I've now increased the time to 35 minutes and although the errors are reduced in number, they still happen... As you have stated the issue, the errors should not have happened in the first place with our setup and increasing the J2EE session timeout by a further 5 minutes seems like an odd way to reduce the errors we've seen but, nevertheless, that is what it has done. I'm thinking this may be a timing issue on multi-CPU deployments. I remember back in the day looking at task manager stats where the System Idle time would read close to 48 hours when the server was re-booted 24 hours previously because the clock was accounting for the idle time on both processors... I wonder if the JRun session timeout process is looking at a ticker in the system that is effectively halving/quartering etc. the entered value in relation to the number of processors in the system and causing these timing anomalies? The idea (in my mind at least) has merit. Second, the JSESSION cookie is the only one used for J2EE sessions. The CFID and CFTOKEN cookies are used for client variables; you can prevent them from being set for new users with the setClientCookies setting in your application tag/cfc (set it to false). That sorts out that bit. Thanks! Paul ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321742 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Session issues - In words of one syllable please :-)
http://www.bennadel.com/blog/1535-ColdFusion-SESSION-Is-Always-Created- Even-If-OnSessionStart-Fails.htm http://www.bennadel.com/blog/1536-ColdFusion-Session-Management-And- Asynchronous-Page-Requests.htm I have had mysterious SESSION issues and I think I finally figured it out!-- Hi Ben, I tend to read your blog a lot it seems to rank highly for the more obscure issues that I encounter when debugging stuff in CF. As far as I can tell though, I'm not having session start issues, rather session timeout issues in relation to J2EE sessions and the error gets thrown on the cfapplication tag in the old application.cfm files and the This.SessionManagement line in the application.cfc files. Paul ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321744 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4