Host Hopping Cookies

It started with a tweet on Saturday morning.

@MsIngalls: When I go to the Checklist in @Desire2Learn -when I am logged in – I get an error message that says my log in has expired – ideas? #d2l

This sounded like an issue we had in the WebCT Vista product that I called Failed Sessions. FSes occur when the user is actively working in the product and suddenly gets dumped to the login page. Not to be confused with Login Loop, which is providing the correct username and password but never getting a valid session. I hated working either issue because they were never repeatable. The problem could involve any piece of software that could somehow touch a cookie on the user’s computer. Occasionally they were the fault of Weblogic too.

I recommended Amy open a Desire2Learn ticket through our portal on behalf of the professor. I also started my own investigation.

First, I poked around in the logging database for errors involving checklist. I found different courses, not the one involved.

Second, I pulled the ID number for the course out of our load balancer logs. That yielded plenty of data showing the problem.

These, I added to the ticket and suggested capturing the HTTP headers should the issue not be repeatable by others. Of course, the support agent was not able to repeat it. The headers clearly showed the cookies were not sent.

The professor of course poked holes all through my suggestions of tracking down which of the many pieces of software is involved. Different software, hardware, networks, and browsers meant the cause was probably not something residing on the computers. But the issue definitely was still that all of these browsers, in a wide variety of places, chose not to send the cookies. This is also when he dropped the next bomb: the problem only occurs on links in a specific widget.

Checking the code behind the widget, I only saw simple absolute URLs. Which made me shudder because earlier this week absolute URLs in the login page for a development site put me in production without me being aware for several minutes.

PSA: Only use absolute URLs when sending a visitor to another web server. Say you are here, at www.ezrasf.com and you want someone to see another of my blog entries. Drop http://www.ezrasf.com from the URL and start the path with / (a relative URL). Should I change the host name to blog.ezrasf.com or www.ezrafreelove.com, then the link has a better chance of working.

It turns out the problem is the professor used the pre-production host name for the web application. The widget’s absolute URL links used a different host name, the one for production. Both resolve to the same servers. But cookies are tied to a specific host name. So being logged into one host and following a link to the variant means the browser does not send the session cookie, and the session is not valid at the variant.

At least the workaround and fix are easy.

The workaround for the professor is to stop using the pre-production URL.

The fix is for the widget designer to turn the absolute URLs into relative URLs since they point to the same location.
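The check and the rewrite described above, as an added example that is not part of the original post or the widget's own code. The host names, paths and widget markup are constructed, and the session cookie is assumed to be host-only (set without a Domain attribute).

```javascript
// Constructed host names for one application reachable under two names.
const APP_HOSTS = new Set(["learn.example.edu", "learn-preprod.example.edu"]);

// Assumption: the session cookie is host-only (set without a Domain attribute),
// so the browser returns it only to the exact host that set it.
function cookieSent(cookieHost, requestUrl) {
  return new URL(requestUrl).hostname === cookieHost.toLowerCase();
}

// Resolve each href against the page the user is on and report links that
// stay in the application but leave the host holding the session.
function findHostHops(html, pageUrl) {
  const page = new URL(pageUrl);
  const hops = [];
  for (const m of html.matchAll(/href\s*=\s*"([^"]+)"/gi)) {
    let target;
    try { target = new URL(m[1], page); } catch { continue; }
    if (APP_HOSTS.has(target.hostname) && target.hostname !== page.hostname) {
      hops.push({ href: m[1], relative: target.pathname + target.search + target.hash });
    }
  }
  return hops;
}

// Rewrite absolute links to any name of the application as root-relative
// paths; links to other servers stay absolute.
function toRelative(html) {
  return html.replace(/href\s*=\s*"([^"]+)"/gi, (whole, href) => {
    let u;
    try { u = new URL(href); } catch { return whole; } // already relative
    if (!APP_HOSTS.has(u.hostname)) return whole;
    return `href="${u.pathname}${u.search}${u.hash}"`;
  });
}

// Constructed widget markup and the page a pre-production user is sitting on.
const WIDGET = [
  '<a href="https://learn.example.edu/app/checklist?course=1234">Checklist</a>',
  '<a href="/app/home/1234">Course home</a>',
  '<a href="https://library.example.org/search">Library</a>',
].join("\n");
const PAGE = "https://learn-preprod.example.edu/app/home/1234";

console.log(findHostHops(WIDGET, PAGE)); // the one link that drops the session
console.log(toRelative(WIDGET));         // same widget with the hop removed
```

Only the Checklist link is reported: it points at the same application under the other host name, so a user logged in on the pre-production name arrives there without a session cookie.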

Also, it would be nice for a better error message than:

No Login

Either you have failed to login, or your login has expired.

First the comma is bad grammar. Second, if I am a normal user who encounters this problem, then what can I do to fix it myself? This is not an error someone sees if their password or username are wrong. This is also not what a user normally sees when they are idle too long. But then again, there are lots and lots of potential causes and solutions.

TED Talk: Dan Pink on the surprising science of motivation

I was attracted to this video because a while ago I read Daniel’s book: A Whole New Mind. Take the concept that simple, clearly defined jobs will move overseas. So to succeed in the United States, children need to be learning conceptual skills and become the people inventing the work doled out to overseas workers. Let’s ignore that overseas workers are more than capable of conceptual work like our kids.

The pervasiveness of functional fixedness perhaps explains why I have a job. (That and I’m not a Gestalt psychologist.) The web comic xkcd recently posted a flowchart on how to become a computer expert where the pick one at random is overcoming functional fixedness. Much of what I do is figuring out non-intuitive issues and documenting a way to make it work, aka a workaround.

I like his list of what economists say are good motivators to replace monetary incentives. The opportunity to get incentives like these drew me to this project. Of course, we don’t have the levels of autonomy Pink describes. Baby steps! Can you see your employer allowing the employees to spend one day a year working on whatever the employees wish to deliver a new product? Some autonomy in a group I work with here resulted in Yaketystats.

  • Autonomy
  • Mastery
  • Purpose

My favorite quote:

Traditional notions of management work great when you want compliance. If you want engagement, self-direction works better.

So this video is why this week I’ve been talking about how compliance sucks.  🙂

Division Issue in YAPB

Problem PHP in Yet Another Photoblog causes “Warning: Division by zero in exifReader.inc on line 859” (the problem line is in bold):

case TAG_SHUTTERSPEED:
  // More complicated way of expressing exposure time, so only use
  // this value if we don't already have it from somewhere else.
  if ($this->ImageInfo[TAG_EXPOSURETIME] == 0){
    $sp = $this->ConvertAnyFormat($ValuePtr, $Format);
    // Temporary workaround for division by zero problem
    if (!empty($sp[0])) {
      $this->ImageInfo[TAG_SHUTTERSPEED] = (1/exp($sp[0]*log(2)));
    } else {
      $this->ImageInfo[TAG_SHUTTERSPEED] = 0;
    }
  }
  break;

Looks like YAPB is attempting to create a value if one doesn’t exist for TAG_EXPOSURETIME by inventing a new value. In my problem picture, the exposure time is 0.003 seconds which != 0. So why is the ($this->ImageInfo[TAG_EXPOSURETIME] == 0) condition evaluated as true? 

Interestingly, just prior to this is some code dealing with TAG_EXPOSURETIME which seems to be affecting this. Changing the 0.5 to 0.0005 (less than my current value) removes the problem.

case TAG_EXPOSURETIME:
  // Simplest way of expressing exposure time, so I trust it most.
  // (overwrite previously computed value if there is one)
  $tmp = $this->ConvertAnyFormat($ValuePtr, $Format);
  $this->ImageInfo['h']["exposureTime"] = sprintf("%6.4f s (%d/%d)",(double)$tmp[0],$tmp[1][0],$tmp[1][1]);
  if ($tmp[0] <= 0.5){
    $this->ImageInfo['h']["exposureTime"] .= sprintf(" (1/%d)",(int)(0.5 + 1/$tmp[0]));
  }
  break;

With this conditional, the exposure time is “0.003 s (1/400) (1/400)”; without it, “0.003 s (1/400)”. Didn’t see a reason to have it twice, so I’ve dropped it.

Also, I figure it would be better to call ImageInfo['h']["exposureTime"] instead of ImageInfo[TAG_EXPOSURETIME]. With this change, it seems to have resolved the issue for me.

Open Response To Bb ACSS

17. What is the single most important thing Blackboard can do to create a better client experience for your institution?

Provide successful workarounds or bug fixes to the identified issues in a timely manner. A timely manner means within 5 days to the user and 180 days to me. By the end of 5 days, the affected users have given up on ever getting a solution. We know we have lost that user ever giving us the benefit of the doubt about our service again. We only keep the ticket open in hopes of preventing the same issue from happening to another user and losing them as well.

All you other Blackboard customers out there. What did you put here? Or any of the other freeform answers. If you didn’t get to do the survey, then what would you have liked to put there?

Ask

I find it interesting how people take suggested workarounds for solving a problem as me loading on them additional responsibility. They wanted a solution in the form of a code fix from a vendor who no longer provides code fixes to this version (and takes up to a year to provide them in the current version and is hated when implemented).

I provided a manageable solution they could effect today without waiting to see if or when the feature suggestion might be implemented.

So now I am “asking them to do more work”? Nice.

Next post: the workaround.

Pointless

So I wanted to open a support ticket. However, in thinking about what I can ask for the company to do arrayed against what they are willing to offer for support, I realized… I am not going to get a resolution for the ticket.

  1. It is functioning as designed.
  2. They are just going to tell us the workarounds we have already implemented.

So, what is the point? Other than distracting employees of the company with something they are never going to solve, I get no benefit. I just get to be the passive-aggressive, CYAer, paper pusher who gets to point at the fact I opened a pointless support ticket to justify my employment.

Yes, the problem could trigger a cascade of events which would result in the failure of services for about 3,000 active users. We stood at the brink twice yesterday and the day before. Because we DBAs are responsive, we saved it. The next time we will do the same.

The company is not going to release another patch for the product unless forced to do so (aka glaring security hole). So even if we could convince them of a bug, then no resolution would be provided in this version. I’ll have to replicate to see if the same problem exists in a newer version they do adequately support. If so, then I would have justification in opening a ticket.

Now… how do I identify an 8GB section archive…