Monday, November 16, 2009

LCDS & Flex: Solution for "Duplicate session detected" error

In my current project we have a requirement which may seem strange, but still shouldn't be too hard to implement. However it tooks us a while to find out how to solve it.

We have a Flex client with some secured content, which can only be accessed after a login.
The testers found, that after deleting the browser cookies and login again, they could no longer access any of the secured content. All we got back from the server was a "duplicate session detected" error.

The problem is, that LCDS manages its own session. So if the http session dies and gets renewed, LCDS still hangs on to its old session. Similar to a http session, the LCDS session has a id. However the id is not stored in a cookie, but in the flash player itself. It is sent to the client after the first contact to the server. You can find it in FlexClient.getInstance().id. If you set it to null before the login, the problem is fixed, because the server assigns a new id and forgets about the old session.

No comments:

Post a Comment