An interesting post by Steve Muench, regarding all the above. It's a bit old (November 2004) and something might change since then but nevertheless it worth reading.
Reposting below:
Check you browser limitations with this tool.
This
week one of our worldwide support engineers was working with a
customer experiencing a problem of having their HTTP session
sporadically get dropped in their ADF-based application. The problem
only occurred when users would use the Internet Explorer browser; it
didn't reproduce with Firefox, for example, however the customer's
userbase are IE users, so switching to Firefox wasn't an option as a
workaround.
The support engineer did some testing to discover that Internet Explorer strictly adheres to the RFC2109
specification's limit of 20 cookies per domain. I worked with him to
build an example servlet which accessed the J2EE web container's servlet
session, and then proceeded to add a cookie with a unique name on each
time the page would get refreshed...Cookie1, Cookie2, Cookie3, etc.
After refreshing the page 19 times using the Internet Explorer browser,
we could see we had twenty cookies like this:
JSESSIONID=... Cookie1=... Cookie2=... : etc. : Cookie19=...
Of course, the JSESSIONID is the cookie used by the web container to
keep your browser session "connected" to the server-side servlet session
object over the stateless HTTP protocol. If you lose the JSESSIONID
cookie, then to the server, the next time you visit it's as if it was
your first time again. Refreshing the page one more time with our test
servlet, showed that Internet Explorer -- having hit its limit of 20
cookies -- picked the least recently set cookie and got rid of it to
make room for the new Cookie20 we created. It turns out that the least
recently set cookie was the very JSESSIONID cookie that was our lifeline
to the servlet session. Ouch! With Firefox, it
appeared that fifty cookies was the limit in our testing, while other
browers like Opera had yet another limit like 30. But in IE, this effect
occurred at the RFC2109 20 cookie limit.
The support engineer asked the customer whether the own application
was creating lots of cookies, but the response was that they weren't
creating any cookies themselves. Then he asked them how many distinct
ADF application modules their JSP pages were using, and the answer was
"about 25". Next he asked them if they were using the ADF Business
Components failover mode. They didn't remember having set it, so they
were using the default which is jbo.dofailover=true.
That is, the failover mode is on by default unless you disabled it in
your application module configuration or by supplying a Java System
parameter named jbo.dofailover=false at system startup time.
So, the support engineer had found the problem. Each ADF data control
that is based on an ADF application module and which is being used in
failover mode, saves a browser cookie that contains the persistent
snapshot ID of the pending application module transaction state (which
by default is saved in the database in a BLOB in the PS_TXN table, with
that persistent snapshot id as its primary key. If you use 25 unique
application module-based data controls in your application and you leave
the failover mode on, you'll need to save 25 browser-side cookies to
provide that failover support. If the middle-tier application server you
were using goes down, on your next request, whatever server you do end
up getting serviced by uses the value of the persistent snapshot id in
the browser failover cookie for each data control to rendezvous with the
right persistently stored pending changes.
Trouble is, if you need 25 cookies plus the JSESSIONID which makes
26, then at some point you'll hit your 20-cookie limit in Internet
Explorer, and there's a chance that IE will throw out your JSESSION
cookie, which cuts off your browser user's lifeline to the session. That
in an of itself wouldn't cause trouble for ADF, but in this customer's
case, they had placed a user login object of their own creation in the
session, so it was no longer there once Internet Explorer had forgotten
its JSESSIONID cookie.
The solution? The customer didn't actually need the failover feature, so they added the -Djbo.dofailover=false Java VM parameter to their application server startup to disable the ADF failover mode, and the problem has gone away.
One tip to help make sure that your ADF Business Components runtime
configuration settings are actually getting set to what you think they
are, is to run with the ADF Business Components diagnostics turned on --
which you do by adding the Java VM parameter -Djbo.debugoutput=file
-- and then grep through the diagnostics files that will be named
bc4j*.log in the system temp directory for the ADF configuration
property name. The diagnostic output will tell you the value that it is
using for each configuration property, and it will tell you where it
read that value from (your configuration "client environment", System
Property, etc.).
Check you browser limitations with this tool.
No comments:
Post a Comment