cookie_dump

[Annemiek]

Hi folks,

Recently, we brought a high-volume HTTPAPI application to production. We're now in the process of monitoring for errors and performance issues.
We're using cookies and a cookie file to store a session cookie. I noticed, that every API call we do results in an update of the cookie file. This is probably the result of the format of the cookie that we receive from the remote service. I'll put an example of the cookie file here:

Code: Select all

 .scildon-t.xtendis.nl FALSE / TRUE 0001-01-01-00.00.00.000000 2024-02-01-10.41.38.885000 0 1 .X10Gateway.Session CfDJ8HpiNzJId%2FpHhy3LHQ%2ByeMP66hZESc4nNlln11G5wGcdJt6RhndLZq0AuXbYekvGd0uGzJcdya%2FPt7wxVv0sgH6pxlLsRCUwYy8tFYwV3km%2FH%2BJpO1RUhQ2nMNzOQqO60avpVL%2BXywSkLx1gBaNm%2FxGv11zcv8ndBvnLTincBkh8 SESSION 

As far as I can see, it contains a path, "FALSE" for no domain name included in cookie, "TRUE" for path name included in cookie, expiration timestamp, received timestamp, cookie name, and the cookie itself. It seems that the cookies that we receive don't have an expiration timestamp, but that should be ok.

There are a few things I don't understand and I hope someone can enlighten me:
- the Received Timestamp is not the actual timestamp this cookie was received. Instead, it is the timestamp of the first cookie that was placed in the file, which occurred last week. And yet we received countless new cookies since then. I can't quite make out in HEADERR4 how that could happen.
- after every API call the cookie file is updated, even when the cookie file hasn't changed. I can understand why that happens, but it has lead to an error, when one API call was busy updating the cookie file and the next API call occurring at the same time, found the cookie file to be empty. Is there something we can do to avoid those errors? The cookie that we receive is a session cookie, so it seems not possible to avoid updating the cookie file after every API call.

You're probably going to ask why we use a cookie file in the first place. This is why: we have multiple programs that use the API-calls and unfortunately they run in different activation groups. Having the cookie file allows us to reuse the session cookie for all activation groups.

Thanks for reading and I hope you can help me with some suggestions!
Annemiek.

[Scott Klement]

Recently, we brought a high-volume HTTPAPI application to production. We're now in the process of monitoring for errors and performance issues.
We're using cookies and a cookie file to store a session cookie. I noticed, that every API call we do results in an update of the cookie file.

Correct, this allows the cookies to be available to other jobs and activation groups. If it didn't update the file every time, if there were other copies using it, the data wouldn't be updated for them.

This is probably the result of the format of the cookie that we receive from the remote service

What? No! It has nothing to do with the contents of the cookie you receive...

'll put an example of the cookie file here:

Code: Select all

 .scildon-t.xtendis.nl FALSE / TRUE 0001-01-01-00.00.00.000000 2024-02-01-10.41.38.885000 0 1 .X10Gateway.Session CfDJ8HpiNzJId%2FpHhy3LHQ%2ByeMP66hZESc4nNlln11G5wGcdJt6RhndLZq0AuXbYekvGd0uGzJcdya%2FPt7wxVv0sgH6pxlLsRCUwYy8tFYwV3km%2FH%2BJpO1RUhQ2nMNzOQqO60avpVL%2BXywSkLx1gBaNm%2FxGv11zcv8ndBvnLTincBkh8 SESSION 

As far as I can see, it contains a path, "FALSE" for no domain name included in cookie, "TRUE" for path name included in cookie, expiration timestamp, received timestamp, cookie name, and the cookie itself. It seems that the cookies that we receive don't have an expiration timestamp, but that should be ok.

That is correct. The format is more or less based on the cookies.txt format used in early versions of Netscape.

There are a few things I don't understand and I hope someone can enlighten me:
- the Received Timestamp is not the actual timestamp this cookie was received. Instead, it is the timestamp of the first cookie that was placed in the file, which occurred last week. And yet we received countless new cookies since then. I can't quite make out in HEADERR4 how that could happen.

That's weird. The received timestamp is set in cookie_parse when it parses (interprets) the cookie sent from the server. I don't see how it'd end up using only one row's timestamp.

- after every API call the cookie file is updated, even when the cookie file hasn't changed. I can understand why that happens, but it has lead to an error, when one API call was busy updating the cookie file and the next API call occurring at the same time, found the cookie file to be empty. Is there something we can do to avoid those errors? The cookie that we receive is a session cookie, so it seems not possible to avoid updating the cookie file after every API call.

The code could be updated to lock the file so that something else can't access it while its being written. This would have the disadvantage of slowing down other processes, but would prevent the problem of things failing when multiple processes write it at the same time.

You're probably going to ask why we use a cookie file in the first place. This is why: we have multiple programs that use the API-calls and unfortunately they run in different activation groups. Having the cookie file allows us to reuse the session cookie for all activation groups.

That sort of thing is exactly what it was intended for.