• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Replaying HTTP traffic to a CF server

Guest
Oct 09, 2014 Oct 09, 2014

Copy link to clipboard

Copied

This is a somewhat technical question. I have recorded a bunch of HTTP traffic to my CF application doing actions that I would like to replay at a later time for testing purposes. These recordings involve a user logging into the application followed by the user performing a bunch of actions. In order to replay this traffic accurately I have set up the replayed traffic to adjust its cookies to maintain the session since the session used during the recording will be expired by then.

This approach works fine for 1 client or so, but when I start scaling this up to many clients it starts to fail intermittently. Debugging the replay clients that are failing, I see that the server is generating a new JSESSIONID cookie for each response even though I am sending the proper cookie in the request. On the other hand, for a replay client that works correctly, I see the JSESSIONID cookie staying the same for the entire session. After a while of running many clients using this method the CF server seems unable to accept any replay clients. Restarting the server seems to fix this problem, but then it starts to happen again.

My guess is that this has something to do with the internals of either the CF configuration or the J2EE session configuration. Does anyone with a more detailed knowledge of these applications have an idea of what might be wrong?

Views

489

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Deleted User
Oct 15, 2014 Oct 15, 2014

Okay I've managed to solve this. Turns out the session reset was coming from a CF error that said Duplicate Session Detected. This was because there was yet another state management variable being passed around in the http message body called DSId. I managed to pull this from the server response and send it for subsequent requests. This seems to have fixed the problem.

Votes

Translate

Translate
Community Expert ,
Oct 10, 2014 Oct 10, 2014

Copy link to clipboard

Copied

Is there just one application file? How do the various clients interact with the application? Via browsers? If so, is it one client per browser?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 10, 2014 Oct 10, 2014

Copy link to clipboard

Copied

Let me preface this by saying this is my first time using CF, so my knowledge is very limited.

As far as my understanding goes there is no application file. I assume you are talking about the application.cfc file in the root directory. All the settings provided are default. I am only testing against one application.

For interaction, there were two stages to this. In the first stage I set up a proxy to record all http traffic to the CF server using a program called gor (buger/gor · GitHub). I then started interacting with the CF server with a flash client in my browser, and the gor program recorded all traffic into a file. This part runs fine.

In the second stage I run gor clients a few days later that read the file and just repeat exactly what was sent over the wire including the time delays and everything. With the exception of the "Cookie" header all other http headers are identical for all gor clients. The Cookie header is the only one I adjust to make sure the previously recorded session tokens are not sent. Those will have expired since I am doing this test several days later. Instead I send no cookies with the first request and the CF server responds with a JSESSIONID like normal. I then record this cookie and send it along with the next request and so on - just like browsers would do. This is the stage where the intermittent problem would come in. I start with a freshly restarted CF server and I try this with one client and I see 1 JSESSIONID being sent/recieved for the whole session. Part way through the session I see a CFID and CFTOKEN being generated by the server and I treat these the same as JSESSIONID. This works fine. I see data being input into the database and everything in the exact same way as when I originally recorded. So I try the same with spinning up 20 gor clients and then I start to see the JSESSIONID being changed by the server over and over again for no apparent reason. Since I cannot keep a consistent session, the gor client cannot interact properly with the server because the login event is not tied to the same session.

I have tried this with 20 gor clients on one server and 20 gor clients on 20 servers with the same result.

Does this clear up your questions?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 10, 2014 Oct 10, 2014

Copy link to clipboard

Copied

The Application.cfc file may or may not solve your immediate problem, however it is a necessary tool in maintaining sessions. It need not be elaborate. Something like this will do:

Application.cfc

<cfcomponent>

    <cfscript>

        this.name = "ation_replay";

        this.applicationTimeout = "#createTimespan(1,0,0,0)#";

        this.loginStorage = "session";

        this.sessionManagement = "true";

        this.sessionTimeout = "#createTimeSpan(0,0,30,0)#";

        this.setClientCookies = "true";

     </cfscript>

    <cffunction name="onApplicationStart" returntype="boolean">

        <cfreturn true>

     </cffunction>

</cfcomponent>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 14, 2014 Oct 14, 2014

Copy link to clipboard

Copied

Tried with this Application.cfc with no success. I don't think the problem is due to a lack of session management altogether because the sessions do work correctly for a bit then they start failing. Any other ideas?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 14, 2014 Oct 14, 2014

Copy link to clipboard

Copied

OK. But you should just leave the application file there anyway.

On to a new idea. You say each client sets a cookie. I am assuming this to be a non-session cookie. If so, is this cookie distinct for each client?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 14, 2014 Oct 14, 2014

Copy link to clipboard

Copied

Every cookie is a "session" cookie in that it is unique to each gor client and does not persist from replay to replay. Here is an example of how this goes when it is broken and not broken:

Working correctly.

Client 1:

Request 1 - No cookies sent

Response 1 - Set JSESSIONID to "123"

Request 2 - Send JSESSIONID of "123"

Response 2 - No change in cookies

...

Request N - Send JSESSIONID of "123"

Response N - Set CFID and CFToken

Request N+1 - Send JSESSIONID, CFID, CFToken

...

Client 2:

Request 1 - No cookies sent

Response 1 - Set JSESSIONID to "456"

Request 2 - Send JSESSIONID of "456"

Response 2 - No change in cookies

...

Request N - Send JSESSIONID of "456"

Response N - Set CFID and CFToken

Request N+1 - Send JSESSIONID, CFID, CFToken

...

Broken. This occurs after a couple of successful runs.

Client 1:

Request 1 - No cookies sent

Response 1 - Set JSESSIONID to "a"

Request 2 - Send JSESSIONID of "a"

Response 2 - Set JSESSIONID to "b"

Request 3 - Send JSESSIONID of "b"

Response 3 - Set JSESSIONID to "c"

...

No CFID or CFToken are ever sent.

Client 2:

Request 1 - No cookies sent

Response 1 - Set JSESSIONID to "1"

Request 2 - Send JSESSIONID of "1"

Response 2 - Set JSESSIONID to "2"

Request 3 - Send JSESSIONID of "2"

Response 3 - Set JSESSIONID to "3"

...

No CFID or CFToken are ever sent.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 10, 2014 Oct 10, 2014

Copy link to clipboard

Copied

How does gor store session/cookie data per client? If gor is unable to distinguish the 20 replays as 20 independent client requests, then Coldfusion will think it is the same client knocking 20 times on the door. Current ColdFusion versions are configured to disallow multiple clients sharing the same session.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 13, 2014 Oct 13, 2014

Copy link to clipboard

Copied

Will try with the Application.cfc and see if that fixes the problem.

Each gor client runs in its own process and stores cookie information independently.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 15, 2014 Oct 15, 2014

Copy link to clipboard

Copied

Okay I've managed to solve this. Turns out the session reset was coming from a CF error that said Duplicate Session Detected. This was because there was yet another state management variable being passed around in the http message body called DSId. I managed to pull this from the server response and send it for subsequent requests. This seems to have fixed the problem.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 16, 2014 Oct 16, 2014

Copy link to clipboard

Copied

LATEST

Glad to hear you found the solution. Thanks for sharing it with us.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation