4D Web Server 503 Errors

Cannon Smith (3/27/14 10:00AM)
Milan Adamov (3/27/14 5:36PM)

Cannon Smith (3/27/14 10:00 AM)

Hi All,

Iím new to using 4Dís web server and have run into an issue that I
donít know how to track down. It seems that if a browser changes IP
addresses, 4D starts returning 503 errors. For example, if I take my
iPhoneís browser and connect to the website over the cellular network,
the website works. But if I go into a library where wifi is available,
I start getting 503 errors.

Any ideas on what I should look at? This is in v14.0.

Thanks.

--
Cannon Smith
Synergy Farm Solutions Inc.
Hill Spring, AB Canada
403-626-3236
<cannon@...
<www.synergyfarmsolutions.com>
Milan Adamov (3/27/14 5:36 PM)

On 27.03.2014., at 17.00, Cannon Smith
<cannon@... wrote:

color><param>00000,0000,DDEE/param>HHi All,

I&iacute;m new to using 4D&iacute;s web server and have run into an issue that I
don&iacute;t know how to track down. It seems that if a browser changes IP
addresses, 4D starts returning 503 errors. For example, if I take my
iPhone&iacute;s browser and connect to the website over the cellular network,
the website works. But if I go into a library where wifi is available,
I start getting 503 errors.

Any ideas on what I should look at? This is in v14.0.

/color>
Hi Cannon,

there is a bug

ACI0086666 : [128352] changing from wifi to 3G error 503

which was fixed in build 154972 and later, including v13 and v14
branch. However, that bug fix won't help, the bug is actually that you
should receive error 400, not 503 and the session should be closed,
reloading the page again creates new session. But, as Add wrote in
this tech note

http://kb.4d.com/assetid=76521

4D considers this as big security issue, this is from technical note:

In order for 4D Web Server to route the execution scope to the right
session, the above two values must be validated to one of the
previously generate sessions. If the request has a valid session id
but the IP address is different from the last request, 4D recognizes
it as a security thread and returns a 400 error. This assumption is
that each session ID is guaranteed to be unique and it can be assigned
one IP address only. If an unidentified IP is making a request with a
known session ID, it will be rejected

On the other hand we have feature request related to this bug here:

http://forums.4d.fr/Post/EN/14298832/1/14298833

to allow customization of error message displayed.

Regards,

Milan
Reply to this message

Summary created 3/27/14 at 1:13PM by Intellex Corporation

Comments welcome at: feedback@intellexcorp.com