Saturday, 21 July 2012

Session Problem in Google Chrome




Hi Friends..................


  I would like to share one of my experience with Google Chrome.


In one of my project, the application was working fine in Internet Explorer and Mozilla Firefox with no issues. But it was not working fine in Chrome.


For many days the problem was existing. The actual problem we faced in it was, whenever the user is logging into the application a new session was being created instead of maintaining the same session. This was happening only in Chrome. Thus, the previous session is lost and we used to displayed the 'Session Expiry' page.


Another major thing in it was:
 The application was working fine in 'http' environment, but the problem was faced only in 'https' environment.  
It vexed us for long.............    




After many analysis, we came across the solution. The solution was very simple, silly and felt as not at all related to the problem.


The reason behind it is:


When the user is logging into the application, the details were captured and stored in a session. For the next  request, the session-id was different from the first session-id (More-over we checked even session.isNew() also, its was giving true). Thus, something was going wrong on the transition of the requests. That too in Chrome only.


On next step, we thought of the webserver (we used Apache webserver) and did many trails on the webserver configurations. But there was no use.

Later, we checked each of request's flow using Burp suite tool. In this tool, we observed the request for 'favicon'.
 In Mozilla and IE there was no effect of this 'favicon', but where as the Chrome alone is demanding for a 'favicon' (This is the unusual behaviour of the Chrome). In our application we are not using this icon.
If there is no 'favicon' in our application and if you handle the 404 status code, it will be executed.
This the reason, for the request after logging into our application a new session is created. Thus, we got a new session and data of user is lost. Hence, because of no data we displayed 'Session Expiry' page.
The problem is resolved by placing the 'favicon' at the root level of the application.


Lesson i learnt by this experience is:
  never ignore to place favicon in your application especially in https environment.... :)




I would like to share this experience hoping that some day or some time it may help somebodies precious time....

2 comments:

  1. Oh my god, i have a same problem. Please, May you teach me a way to check it clearly ?...

    ReplyDelete
  2. We have a ''favicon' in our application, but the problems still persists..

    ReplyDelete