[dancer-users] Debugging sessions

Nikola Mitev nik at mitev.eu
Thu Nov 22 08:23:17 GMT 2018 

On Wed, 2018-11-21 at 11:22 -0700, Warren Young wrote:
> On Nov 21, 2018, at 10:17 AM, Nikola Mitev <nik at mitev.eu> wrote:
> > It happens about once a month on a site
> > with 10-20 logins daily. Once it happens to a user, it keeps
> > happening
> > for that user only.
> You haven’t said which engines you’re using.  It might be simplest to
> just post the config.yml file and the $environment.yml file it loads,
> if any.
> 
> It might also help to know the HTTP server configuration.  Apache vs
> Starman, FastCGI vs HTTP proxying, etc.

I am using Starman with Nginx in front of it, session engine is Cookie:
session: 'Cookie'
engines:
  session:
    Cookie:
      secret_key: 'removed'
      cookie_name: "removed"
      is_secure: 1
      is_http_only: 1
      with_request_address: 1
      default_duration: 604800

> I suspect you’ve got a parallel access locking problem that only
> shows up when two users happen to hit the app at the same time, but
> that’s just speculation on the information you’ve given so far.

Would that lock persist for the unlucky user until an app restart, or
would it only cause an issue for the request which collided with that
of another user?

> > I don't have an explicit check on cookie size - not sure how to
> > check
> > it doesn't exceed 4K
> Unless you’re using Dancer2::Session::Cookie, I don’t see how that
> can be the case.  That’s the whole point of separating the notion of
> cookie and session: all of the real per-user data goes into the
> Session object, and the cookie is used only to look that Session
> object up.

That's what I am using and the docs mention size over 4K could cause
issues.

> But you don’t need to guess: any modern browser’s developer toolset
> will give you the cookie value.  It should be just a small-ish blob
> of hex noise.

I was thinking more about checking it server-side. Checked it in
Chrome, it is less than 1K.

> > I am looking for general advice on how to
> > troubleshoot this but any ideas at all will be very much
> > appreciated.
> What happens if you switch to Dancer2::Session::YAML?  It’s slower,
> but for volumes as low as yours, it shouldn’t matter.  The benefit is
> that you can then inspect the session objects directly when this
> happens.

Haven't tried it yet, but will give it a go. Thanks for all the input!

Nik

More information about the dancer-users mailing list