intermittent login failure on login-app sample

Not applicable

When running the login-app oauth sample, we are seeing intermittent errors, where we're redirected back to the login page. Below are my troubleshooting notes. Any advice on how to troubleshoot further?

  1. We're seeing browsers (IE and chrome) and runscope/ghostinspector fail intermittently
    1. Cookies are being sent and returned without issue, it seems.
    2. Low number of connections, less than 100 per day..
    3. Fails similarly in DEV and PROD.
  2. We added page cache (maxage) to 30d so browser pages will cache static resources for 30 days.
    1. while this helped reduce the failures, it did not address root cause. The login-app code is written to address this case. The express-static module is designed to assign the /public route before sessions are setup. So we're not sure why reducing these image and CSS requests would reduce the failures.
    2. Note that Runscope does not respect page cache (no temporary internet files), so it still fails.
  3. We created tests in a node.js client to run through the three page login flow.
    1. No errors were returned from node client, despite increased load during this test.
    2. Node doesn’t ask for static resources.
    3. Node runs faster, but even with think time added, no errors for node client.
  • What about sessions on a load balancer?
    1. If the cache were not being shared between server instances, this kind of error would occur.
    2. app is using ./lib/apigee cache. No configuration possible for load balancing, so assuming it must already be configured for load balancing.
  • 0 3 137
    3 REPLIES 3

    Not applicable

    Appears to have become a problem in mid-July.

    Hi @DavidHickey,

    Just to close the loop on this, we got on a call to work through this issue. N.B., this is a node.js proxy, hosted in Apigee Edge.

    The latest indicates this is due to some expressjs caching parameters described here: https://github.com/expressjs/session, specifically setting both the "saveUninitialized" and "resave" options to false.

    As this Resolved your issue, I wanted to make sure to post a response here for any other Apigee customers who may be having a similar issue.

    Thanks!

    Thanks for following up and thanks for your help. I suspect other users of the login-app sample will also experience this issue at some point. Perhaps the sample should be updated to reflect the latest thinking from the express-session folks?