We are dealing with some strange issues while analyzing IIS logs for our web sites. The problem is that I see many entries in the log files when the cookie information is logged as ellipsis, see the sample entry below:
#Software: Microsoft Internet Information Services 6.0
Version: 1.0
Date: 2013-01-25 08:00:00
Fields: date time s-sitename s-computername cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-bytes cs-bytes time-taken
2013-01-25 08:01:11 W3SVC1443552327 IRC-P2WEB-031 GET /pm/free-data-report-faq/Default.aspx SiteVersionID=988&SiteID=100219&Status=A&sc=674104&bcd=SiteVersionID=988&SiteID=100219&Status=A&sc=674104&bcd= - 24.7.1.77 HTTP/1.1 Mozilla/5.0+(iPhone;+CPU+iPhone+OS+6_0+like+Mac+OS+X)+AppleWebKit/536.26+(KHTML,+like+Gecko)+Version/6.0+Mobile/10A405+Safari/8536.25 **...** https://member.some-site.com/PM/reports/credit/articles/about-data-reports www.some-site.com 200 0 14841 6748 62
as you can see the cookie information is shown as ellipsis. Is there any way to find out why this happens and to prevent this? We rely on cookie analysis to get the session id as well as other important data for our web analytics and missing such crucial piece of data is real problem for us.
Thank you for your help in advance,
http://support.microsoft.com/kb/2809913
IIS will omit the cookie information if it exceeds 4096 bytes. Microsoft suggests that if you don't like this behaviour, you should write your own request logger or make the cookies shorter.
Related
When analyzing the IIS Logs, sometimes the csUserName field comes in form of a code, such as lDU9TNFo9/IwGz75KGQn5YB4KJlsX+UamJx11y4M2muiWSWyXCE6vbeQgG1kHXxG
I thought it could be base64 encoding, but I couldn't decode using online tools.
I know the csUserName may point to the user of the web application, I know this may be the SID of a user and sometimes may be the SID of system user accounts, but how to decipher this code?
cs-username means the name of the authenticated user that accessed the server. Anonymous users are indicated by a hyphen. So your csUserName field may be that the user is not authenticated.
Wondering how this is typically implemented. Examples of always logged in websites are StackOverflow, Facebook, and Twitter. It seems like you'd have to have a background job regenerating the session ID (assuming you store session by ID in a database) before the session expires (say you tell the cookie to expire in 5 minutes). So every 5 minutes every session would be regenerated to keep it logged in while also keeping it secure. But before going down that road I'd like to know if this is how others implement it or if there is a more standard approach.
As far as I know, this is how it is done in majority of websites.
A cookie is set with an access token and limited life(of course, if the user checks on'Keep me logged in'). If the user comes to visit the site within that timespan, he is logged in and a current session is generated(from the server). And, the cookie timespan is reinitialized to the pre-decided time.
Say for example: I log in to a website example.com and check its check box, to keep me logged in. Now, as soon as I click the login button and and validated by the server, the server generates a session(for current session) and a cookie(for future sessions), with a time limit of say 1 month. Now, If i come back on say 29th day and open example.com, I shall automatically logged in using the token set in the cookie. The cookie will send my info to the server and the server shall generate my current session. Most importantly, the server will reset the cookie to expire after one month.
If, I return to the website after 30 days, then the cookie will either force me to login again.
I hope my input would be of some help to you.
Really weird authentication problem going on - hope someone can help!
The Domino Web Server Log database shows all the requests a particular user is making for pages in an application I look after. The application is XPages-based and the user is regularly pressing Save on the document she is editing (every few minutes). The save does a full update.
The LTPA token is valid for 30 minutes - I assume however that every time the user performs a full update, the 30 minute token is renewed?
However, when looking at the logs, a save of the document at 09:05 shows the Remote User by name, another save at 09:07 still shows the user by name. The next save at 09:11 shows the remote user by IP address instead, and when you look at the log entry in more detail, the server has replied with 401 UNAUTHORIZED (The client is not authorized to access data). This has of course caused the user's browser to lose the work they had open at the time.
The Cookie on each log entry shows :
LtpaToken=AAECAzUwOUI2RjRCNTA5Qjc2NTNDTj1Bbm5lIExhdm91ZS9PVT1VSy9PPVJVSyvsCs5c4tITD9elgI0BCN5CnZ0O; SessionID=DBDFDKDGTI
The same LTPA Token and session ID for entries where the save document worked, as well as where it failed.
Unsurprisingly, they have then refreshed the session by closing the web page and going back in to it following the error and they get a new LTPA token and session ID.
The LTPA Token validity setting of 30 minutes I refer to is defined by our admins in a Web SSO Configuration document for the server, in the "Server\Internet Sites" view in the NAB. It's the Token Expirations (Minutes) setting. Am I completely misunderstanding this setting - should the timeout be renewed everytime the user does a full submit to the server? Or is something else going on here?
I don't think the token is renewed. It times out no matter if the user is active or not.
You could increase the expiration timeout to a reasonable high value and then add a lower minimum timeout to ensure that sessions doesn't timeout too soon.
Here's an example where expiration is set very high and timeout is set to 2 hours:
We have a Magento store and sometimes when users login it authenticates with someone elses user information.
When the user goes into my account they can see the order details of another customer.
I have found a forum that said to activate the Validate HTTP_USER_AGENT and Validate REMOTE_ADDR values under the Session Validation settings but we are still seeing the issue.
Does anyone have any ideas of what may be causing this issue?
Thanks in advance for your assistance.
George
I never really took the time to properly debug this, but some time ago we had an almost identical problem. Eventually it looked like that when System > Configuration > Web > Use SID on Frontend is enabled and you also have Magento Enterprise Full Page Cache enabled it sometimes saved the SID within cached templates. When other users clicked the link with the incorrect SID they sort of took over that session.
After disabled the SID option, we never had the problem again.
Perhaps not a real answer, but maybe valuable information for you.
If I set the content expiration for static files to something like 14 days and I decide to update some files later on, will IIS know to serve the updated files or will the client have to wait until the expiration date?
Or is it the other way around where the browser requests a new file if the modified date is different?
Sometimes I update a file on the server and I have to do a hard refresh (CTRL+F5) to see the difference. Currently I have it to expire after 1 day.
The web browser, and any intermediate proxies, are allowed to cache the page until its expiration date. This means that IIS might not even be aware of the client viewing the page.
You want ETags
An ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are similar to fingerprints, and they can be quickly compared to determine if two versions of a resource are the same or not. [...]