Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Losing sessions

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Losing sessions

    Within the last few weeks, many users have reported a loss of their session. I don't know why.

    We used to have this sporadically, so to help manage this, some time ago I added a callback every 15 seconds to be sure a key session variable existed. If not, users get a little sad cloud message and then are taken back to login.

    Code:
        vUser = a5ws_getcurrentuser()
    if vUser = ""
              .......
    end if
    Server session timeout is set to 15 minutes. The callback, of course, keeps this alive for as long as the user wants, which is what I want.

    I can detect no pattern. I've watched it happen to me while just sitting on the page doing nothing at all, and I can't find anything in the Chrome console or server logs to help.

    Some users get it once in a while, some users get it every few minutes. It can happen all day to one person, then not at all for a long time again. And it happens to users around the world - no single location or region.

    We're using Alpha Anywhere Classic, on two servers hosted by Google cloud with Cloud Flare in between. It happens from both servers.

    And we're on an older build 5667_5254, obviously have not upgraded for a while so it's not due to a bug in a patch.

    Any ideas?
    Last edited by Steve Workings; 11-20-2019, 06:19 PM.
    -Steve
    sigpic
    Tags: None
    #2
    Re: Losing sessions

    Steve, are you sure session affinity is working correctly? What your describing is exactly the behavior caused by a user that was using server 1 getting directed to server 2 instead since sessions are local to the specific server.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

    Comment

      #3
      Re: Losing sessions

      Thanks Lenny. I wonder how I can check that? We've not changed anything.

      We have the Google load balancer with session affinity that points to the two servers. Each server has 4 instances running with a software load balancer managing session affinity.
      -Steve
      sigpic

      Comment

        #4
        Re: Losing sessions

        There are lots of discussions online about Google Cloud losing session affinity for various reasons. See the second post on this thread: https://stackoverflow.com/questions/...ssion-affinity.

        You are using my Load Balancer on the two machines so I can say that the number one reason that a user is moved from one Instance to another is if the target Instance is slow enough to make it fail health check. If it fails health check then the load balancer takes that instance out of service until it passes a health check. Active users on that instance will get failure and if they refresh their browser will go to a different Instance. I think when they change instances they will get a new session ID. One thing I don't know is if Google Cloud detects that the instance fails the health check does that mean it will try another instance on the same machine or automatically try a different machine (i.e., does Google even know about the local load balancer on each machine)?

        I should test to see exactly what happens to session variables when the user is moved to a different instance.

        EDIT: I notice our avatars to the left here practically match.
        Steve Wood
        See my profile on IADN

        Comment

          #5
          Re: Losing sessions

          Thanks Steve - a good link.

          I browsed more broadly through some of our logs just now, and have reason to suggest we're getting a bit overloaded with automated hacking attempts. I'm finding big groups of .php requests -- several per second per instance in many places. I thought we blocked those through Cloud Flare but have asked for a review of that by our Cloud Flare guy (Mark).
          -Steve
          sigpic

          Comment

            #6
            Re: Losing sessions

            I know this is a bit of a hack to thwart PHP and other attacks I use a 3rd party Block-by-IP tool where the blacklisted IP addresses are just a text file. I feed that text file from an xbasic script that runs on the index.a5w page and if the request has ".PHP" or other unwanted values in the URL, I post their IP address to this file and they are forever blocked in about one minute.
            Steve Wood
            See my profile on IADN

            Comment

              #7
              Re: Losing sessions

              Steve Workings:
              You would benefit greatly by moving your application to the Application Server for IIS.
              1. It will address your immediate problem by eliminating the need for session affinity. You can use an IIS session state provider that shares sessions across all instances so a user's session will always be accessible regardless of which server handles their request. You would no longer be dependent on session affinity working properly at either the Google level or the local machine level.
              2. It will address the additional load caused by the malicious PHP requests you are seeing. IIS will handle these requests directly and serve up a 404 (or other error page as appropriate) and the Application Server will not even need to participate so will not be directly impacted.
              3. The need for multiple Application Server instances is removed. This also means you can eliminate the software load balancer on your Google instances. This simplified configuration makes setup and ongoing maintenance easier.
              4. IIS Application Pools automate load distribution and overlap EXE restarts to manage memory without any interruption in service or loss of session state.



              Steve Wood:
              If a user is directed to a new instance of the Classic Application Server, their session will not be valid on that instance. Upon that first request, the new instance will create a new session, and that session will have its own unique session ID.


              Originally posted by Steve Wood View Post
              I know this is a bit of a hack to thwart PHP and other attacks I use a 3rd party Block-by-IP tool where the blacklisted IP addresses are just a text file. I feed that text file from an xbasic script that runs on the index.a5w page and if the request has ".PHP" or other unwanted values in the URL, I post their IP address to this file and they are forever blocked in about one minute.
              This is a very good technique to help protect your server. This is similar to the type of functionality that CloudFlare and other services provide, and it is worthwhile even if you subscribe to one of those services and/or use IIS. It it relatively easy to set up, and the more layers of security and protection that you have, the better off your systems are.

              Lenny Forziati
              Vice President, Internet Products and Technical Services
              Alpha Software Corporation

              Comment

                #8
                Re: Losing sessions

                Thanks as always for your generous input Lenny. We're probably going to be with the classic server for a while.
                -Steve
                sigpic

                Comment

                Previous template Next
                Working...
                X