We've got a Flash file upload feature in our application, using swfupload. There's a bug in the Flash player that causes it to always send the IE cookies, no matter the current browser -
http://swfupload.org/forum/generaldiscussion/383.
This has caused us issues in the past since our session / forms authentication cookies were suddenly gone / errant if the user used Chrome/Firefox. I've previously fixed this issue by sending the cookie contents in the QueryString and then setting the cookie
values in Application_BeginRequest so they have their correct values before ASP.NET wires up the session and authentcation.
I've run into a new variant of this bug, since we're now load balancing our app across three content servers using ARR. The previous fix still works, but the issue also affects the ARR client affinity cookie. Basically the user will be assigned to SERVER1
while browing in Firefox, but when the upload is made the client affinity cookie from IE will be sent, or a new will be assigned if the user has no client affinity cookie in IE. As a result, the user will receive the upload formula from SERVER1 but SERVER1-3
may receive the post - and that server has no knowledge of the user session.
I'm thinking of sending the ARR cookie value in the querystring as well. Then I'd implement an HttpModule that read the querystring value and set the cookie value in Application_BeginRequest. By installing this HttpModule on the IIS ARR load balancer and
ordering it about the RequestRouting module, my theory is I can manipulate the cookie before ARR reads it. I've done some testing without luck, but I've not exhaustively tested it yet.
Any suggestions / comments on how to manipulate the ARR client affinity cookie before ARR reads it and redirects the request?
As long as you set the cookie before OnMapRequestHandler, ARR will pick it up and use it - note that you may need to to set the cookie header directly rather than using the HttpContext.Cookies collection - also since the header value contains multiple cookies,
be sure to not overwrite other cookies.
Anil Ruia
Software Design Engineer
IIS Core Server
I'm still having some issues implementing the module. I've made a simple module that should set the cookie value. The module is installed into the GAC and added to the IIS level Modules section as a Managed module. However, it does not seem to be invoked.
If I turn off "Invoke only for ASP.NET/Managed handlers" then I immediately get the following error for all requests: The virtual path 'null' maps to another application, which is not allowed root
I've been unable to find any usable explanation for the above error, especially with a 'null' path.
Thus right now my issue is not getting the code to work, but for it to be invoked during the request lifecycle.
The "virtual path null" error is an IIS bug that is fixed in ws08r2 - a workaround for this bug would be to move your ARR rewrite rules from globalRules to per site rules.
Anil Ruia
Software Design Engineer
IIS Core Server
Mark S. Rasm...
62 Posts
Intercepting ARR client affinity cookie
Nov 18, 2009 12:20 PM|LINK
Hi,
We've got a Flash file upload feature in our application, using swfupload. There's a bug in the Flash player that causes it to always send the IE cookies, no matter the current browser - http://swfupload.org/forum/generaldiscussion/383.
This has caused us issues in the past since our session / forms authentication cookies were suddenly gone / errant if the user used Chrome/Firefox. I've previously fixed this issue by sending the cookie contents in the QueryString and then setting the cookie values in Application_BeginRequest so they have their correct values before ASP.NET wires up the session and authentcation.
I've run into a new variant of this bug, since we're now load balancing our app across three content servers using ARR. The previous fix still works, but the issue also affects the ARR client affinity cookie. Basically the user will be assigned to SERVER1 while browing in Firefox, but when the upload is made the client affinity cookie from IE will be sent, or a new will be assigned if the user has no client affinity cookie in IE. As a result, the user will receive the upload formula from SERVER1 but SERVER1-3 may receive the post - and that server has no knowledge of the user session.
I'm thinking of sending the ARR cookie value in the querystring as well. Then I'd implement an HttpModule that read the querystring value and set the cookie value in Application_BeginRequest. By installing this HttpModule on the IIS ARR load balancer and ordering it about the RequestRouting module, my theory is I can manipulate the cookie before ARR reads it. I've done some testing without luck, but I've not exhaustively tested it yet.
Any suggestions / comments on how to manipulate the ARR client affinity cookie before ARR reads it and redirects the request?
Thanks,
Mark S. Rasmussen
IIS7 ARR
anilr
2343 Posts
Microsoft
Re: Intercepting ARR client affinity cookie
Nov 18, 2009 07:13 PM|LINK
As long as you set the cookie before OnMapRequestHandler, ARR will pick it up and use it - note that you may need to to set the cookie header directly rather than using the HttpContext.Cookies collection - also since the header value contains multiple cookies, be sure to not overwrite other cookies.
Software Design Engineer
IIS Core Server
Mark S. Rasm...
62 Posts
Re: Intercepting ARR client affinity cookie
Nov 20, 2009 02:54 PM|LINK
Hi, thanks for the reply.
I'm still having some issues implementing the module. I've made a simple module that should set the cookie value. The module is installed into the GAC and added to the IIS level Modules section as a Managed module. However, it does not seem to be invoked.
If I turn off "Invoke only for ASP.NET/Managed handlers" then I immediately get the following error for all requests:
The virtual path 'null' maps to another application, which is not allowed root
I've been unable to find any usable explanation for the above error, especially with a 'null' path.
Thus right now my issue is not getting the code to work, but for it to be invoked during the request lifecycle.
Any tips are most appreciated.
Thanks!
anilr
2343 Posts
Microsoft
Re: Intercepting ARR client affinity cookie
Nov 20, 2009 05:05 PM|LINK
The "virtual path null" error is an IIS bug that is fixed in ws08r2 - a workaround for this bug would be to move your ARR rewrite rules from globalRules to per site rules.
Software Design Engineer
IIS Core Server
Mark S. Rasm...
62 Posts
Re: Intercepting ARR client affinity cookie
Dec 09, 2009 11:53 AM|LINK
Thanks for your help Anil!
I've blogged about the fix in case anyone else runs into the same issue:
http://improve.dk/blog/2009/12/09/fixing-flash-bugs-by-intercepting-iis-application-request-routing-cookies
Thanks,
Mark