Duplicate session errors in LCDS/BlazeDS

I’ve heard of a number of customers who run into duplicate sessions error in LCDS/BlazeDS, and I want to clarify why you get this error and how to best handle it.

I think the best existing explanation of the error is from the following post from my co-worker Alex Glosband. In a nutshell, every SWF on the client is represented as a FlexClient and every connection of the SWF to the server is represented as a FlexSession on the server. Normally, you have one FlexClient and one FlexSession on the server because you have one SWF on the client that has one connection to the server. However, in some cases, your SWF might end up (wrongly) getting associated with multiple FlexSessions, and that’s when you get duplicate session errors. For example:

  1. The SWF loads and makes two subsequent requests to the server before a session is established on the server for the first request. In that case, two sessions will be established on the server for a single SWF.
  2. Cookies are disabled on the client, so every new request generates a new FlexSession on the server and so a single SWF gets associated with multiple FlexSessions.

I’m sure there are other cases but regardless, a single SWF should be associated with a single FlexSession (if the SWF is talking to a single endpoint) because a single SWF talking to a single endpoint is supposed to do all of its communication over a single FlexSession. Some people asked ways to turn off this multiple session detection as a workaround but this is not a good idea because there are security implications for a single SWF/FlexClient being associated with multiple FlexSessions.

Instead, it’s better to avoid this error by making sure your app makes sure a session is established on the server before making new requests. This is best achieved if your app makes the initial request and waits for its response (so a session is established) before making new requests. If this is not possible, the second option is to trap the duplicate session error on the client and reissue the request. When the duplicate session error is thrown on the server, the FlexSession and FlexClient are invalidated, so a new request from the SWF with same FlexClient id with a new FlexSession will be safe. For example, if you’re making a remoting request, you can add the following code to detect the duplication session error and reissue the request:

if (event.fault.faultCode == “Server.Processing.DuplicateSessionDetected”)

7 thoughts on “Duplicate session errors in LCDS/BlazeDS

  1. Problem: Duplicate session errors when flex.war and Livecycle.lca files are hosted in separate JVMs on WebSpehere Server.

    Inside the command file for the event, set FlexClientId to null in execute method before calling remote service (Java method or LC Process).
    I guess this can approach can be used in other scenarios as well to prevent Duplicate session errors.

    EventCommand.as file

    import mx.messaging.FlexClient;
    //other import as per your code

    public function execute(event:CairngormEvent):void
    var evt:EventName = event as EventName ;

    var delegate:Delegate = new DelegateImpl(this as IResponder);

    //***set client ID to null
    FlexClient.getInstance().id = null;


  2. Mete, thank you for this. However, I’m not able to to implement this fix. We’ve just upgraded our server to CF9 multiserver. We have flex 3 running and for the first time we receiving the above error. How is myRemoteObject.echoString(“foo”) reissuing the request? When try to implement the above solution it tells me echoString is not found. Any help will be appreciated

  3. Hi Luis, what I meant is that after getting the duplicate session error, you should trap the faultCode I described in your Flex app, and reissue your RemoteObject call, whatever that RemoteObject call might be. I just used myRemoteObject.echoString as an example.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s