I’ve heard of a number of customers who run into duplicate sessions error in LCDS/BlazeDS, and I want to clarify why you get this error and how to best handle it.
I think the best existing explanation of the error is from the following post from my co-worker Alex Glosband. In a nutshell, every SWF on the client is represented as a FlexClient and every connection of the SWF to the server is represented as a FlexSession on the server. Normally, you have one FlexClient and one FlexSession on the server because you have one SWF on the client that has one connection to the server. However, in some cases, your SWF might end up (wrongly) getting associated with multiple FlexSessions, and that’s when you get duplicate session errors. For example:
- The SWF loads and makes two subsequent requests to the server before a session is established on the server for the first request. In that case, two sessions will be established on the server for a single SWF.
- Cookies are disabled on the client, so every new request generates a new FlexSession on the server and so a single SWF gets associated with multiple FlexSessions.
I’m sure there are other cases but regardless, a single SWF should be associated with a single FlexSession (if the SWF is talking to a single endpoint) because a single SWF talking to a single endpoint is supposed to do all of its communication over a single FlexSession. Some people asked ways to turn off this multiple session detection as a workaround but this is not a good idea because there are security implications for a single SWF/FlexClient being associated with multiple FlexSessions.
Instead, it’s better to avoid this error by making sure your app makes sure a session is established on the server before making new requests. This is best achieved if your app makes the initial request and waits for its response (so a session is established) before making new requests. If this is not possible, the second option is to trap the duplicate session error on the client and reissue the request. When the duplicate session error is thrown on the server, the FlexSession and FlexClient are invalidated, so a new request from the SWF with same FlexClient id with a new FlexSession will be safe. For example, if you’re making a remoting request, you can add the following code to detect the duplication session error and reissue the request:
if (event.fault.faultCode == “Server.Processing.DuplicateSessionDetected”)