[ic] help with sessions getting lost

J P wwwsports at yahoo.com
Sat Aug 30 01:05:03 EDT 2003

>Quoting John Young (john_young at sonic.net):
> Ed L. wrote:
> >The most common causes of losing sessions:
> >
> >1. Bad link coding: using hard-coded URL's (i.e. <a

> >href="/cgi-bin/cart/blah.html">) instead of the
[area] or [page] tags. 
> >Unless the client's browser is supporting session
cookies, this will 
> >fail, and it is almost never a good idea anyway;
> >
> >2. Loss of session in form post: ensure that all
forms contain:
> >        <input type=hidden name=mv_session_id
value="[data session id]">
> >
> >3. Interchange invalidates the session because it
senses that the host 
> >or remote host has changed;
> >
> >4. Very short SessionExpire times, file system
> >
> >
> >1 or 2 are much more likely than 3 or 4 in my
experience, and no doubt 
> >someone else could add to this list.
> Good points.
> JP - w/regard to #3 above, check that you have:
>> HostnameLookups Yes
>> That would at least explain sessions dropping due
to remote host
>> identification (#3, above) changing in the case of
browsing through
>> proxies (such as any AOL accounts).
>Also, if your system time is off by more than
SessionExpire seconds, you
>have real trouble. You really need to make sure your
time is correct.
>Mike Heins

I went through all of the above and it turns out it
wasn't any of the suggestions.  This was really weird
but we set up a development copy of the store on
another server and ran into the same problem.  It
turns out that it was broken images in the store
causing it to ultimately lose the session.  

I'm posting in case anyone else runs into the same
problem that it might help.  In our apache config file
we have the 404 error page set to a page in the store.
 Didn't think this was a big deal because the only
thing on that domain is the store and figured if we
got broken pages, we wanted to make sure it stays in
the store.  But, with the broken image, the web server
was making a new call to the store for the error page
and since it was apache making the call, not the
browser, it's considered a new session by IC, and
voila, session lost.  

We pretty much reliably reproduced the error and once
we changed over the error page in apache, I haven't
been able to recreate it yet.

Hope this helps someone else... 


Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

More information about the interchange-users mailing list