World: r3wp
[!Cheyenne] Discussions about the Cheyenne Web Server
older newer | first last |
Graham 19-Aug-2009 [5490] | it's caching the whole page ... so it won't see the etags |
Will 19-Aug-2009 [5491x2] | headers you pasted are not coming from cheyenne but from google server, you can't control them |
just to understand, you generate a file and u upload to googledocs, then requests it from google server? | |
Graham 19-Aug-2009 [5493x5] | frustrating .. can't get a trace |
Yes, that's correct. | |
but chrome is not executing the rsp script ... as far as I can see. | |
I think I'll just stick with putting a time stamp on each request to foil the cache | |
Or just stick with FF / IE. | |
Will 19-Aug-2009 [5498x2] | then this has nothing to do with cheyenne, add something like join %? checksum form now/precise ad the end of requested url |
if it is the rsp script that doesnt get executed , please paste headers from rsp response | |
Graham 19-Aug-2009 [5500x2] | ?t= url-encode form now/time/precise |
which rsp response? | |
Will 19-Aug-2009 [5502] | you said "but chrome is not executing the rsp script ... as far as I can see." |
Graham 19-Aug-2009 [5503] | yes, I put a ?? in the script and it doesn't log. |
Will 19-Aug-2009 [5504] | so that is the rsp you request that generate the file and upload it to google |
Graham 19-Aug-2009 [5505] | yes |
Will 19-Aug-2009 [5506] | I'd like to see the response headers of that request , not those from requesting the uploaded file |
Graham 19-Aug-2009 [5507x2] | thi sis the link http://gchiu.no-ip.biz:8000/md/creategoogledoc.rsp?gdoc=simple-letter.rtf&patientid=2832&encounter=none |
but the page does not get executed | |
Will 19-Aug-2009 [5509] | I can't go past http://gchiu.no-ip.biz:8000/md/login.rsp 8) |
Graham 19-Aug-2009 [5510x2] | When I click on that link ... it supposed to execute a script when then sets the response/redirect |
so there is no response from cheyenne .. only from google | |
Will 19-Aug-2009 [5512] | with a redirect and wireshark, u should see both response headers, your browser is requesting two resources, one form Cheyenne, one from the redirected url |
Graham 19-Aug-2009 [5513] | You'd think so .. but the pcap dump is only showing the googledocs response |
Will 19-Aug-2009 [5514x3] | if u private msg me a login/pas I can give it a look |
impossible, that is not how it works, cheyenne responds with a redirect, that is an answer and has a header, the the browser request the redirected url from google server | |
I need to see headers of the redirect response sent from Cheyenne, the problem may be there, if that response hasn't proper Expire, etc.. headers it may get cached by Chrome, and thus the behaviour u see | |
Graham 19-Aug-2009 [5517] | this is the request GET /md/creategoogledoc.rsp?gdoc=simple-letter.rtf&patientid=2832&encounter=none HTTP/1.1 Host: gchiu.no-ip.biz:8000 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://gchiu.no-ip.biz:8000/md/Listgoogledocs.rsp Cookie: RSPSID=QZPTPCZIWWMMYBKWHWRQETGM |
Will 19-Aug-2009 [5518] | I need the response not the request 8) |
Graham 19-Aug-2009 [5519] | Yes .. I know ... that was the end of the "follow tpc stream" |
Will 19-Aug-2009 [5520x3] | umm.. now that sessions are bound to ip I can't hijack your session to check that out ;-) |
got to go, either paste here response headers from cheyenne or private msg me a temp user/login. in the meantime just add a timestamp parameter to the response/redirect url | |
timestamp also for the rsp url | |
Graham 19-Aug-2009 [5523x2] | http://www.compkarori.co.nz:8000 userid/pass Guest/Guest |
You won't be able to create a googledoc though as it requires that your google credentials are stored! | |
Robert 19-Aug-2009 [5525x2] | My reported problem: Doc, I'm not using VALIDATE nor do I check the parameters. Do I have to? I thought Cheyenne does this implicit. |
I expect the problem with the parameter to force the seen side-effects. So before going into deeper analysis I want to fix the parameter problem. Any guide how to handle parameters correctly? | |
Dockimbel 19-Aug-2009 [5527] | Robert, how can Cheyenne know that "quantity" must be an integer! value if you don't tell it? Cheyenne can't validate that implicitly, you have to either use VALIDATE (see API doc) or make your own checking routines. By default, all your GET or POST parameters are treated as string! value. If you need to check for their presence or need to convert them to another datatype, you have to validate the format so that it doesn't error out (or worth, let an hostile request pass). |
Graham 19-Aug-2009 [5528x2] | I've created a dummy google account so that people can try this out |
pm me if you want to try ... | |
Will 19-Aug-2009 [5530x9] | ok here is the answer from Cheyenne: HTTP/1.1 301 Moved Permanently Server: Cheyenne/0.9.20 Date: Thu, 20 Aug 2009 09:43:23 GMT Connection: close Location: http://docs.google.com/Doc?docid=0AcdrOHdpKfrWZGZwd3Z4MmJfMnNxcDJkNmZu&hl=en Set-Cookie: RSPSID=OTWARJZIFLZYABVJOACFFTZY; path=/md; HttpOnly |
answer from the redirection: HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Date: Wed, 19 Aug 2009 21:43:58 GMT Set-Cookie: WRITELY_UID=001dfpwvx2b|928b9de9e7bf56448b665282fc69988b; Path=/; HttpOnly Set-Cookie: GDS_PREF=hl=en;Expires=Sat, 17-Aug-2019 21:43:58 GMT;HttpOnly Set-Cookie: SID=DQAAAHcAAAB0kldc4zZSC_0FoiL6efkWE11k9SQkAIn-N3WfAzIOVe1cM-remnLUtV3Z4M-BFRf5eknz7hr_U3YzW94nECo0-aDnpxrLGiBglWGN4VkfLr5Hh7t2XNyRCA3VWd005SfCmZ9D8-1MUltjRI8X56VLde5Wy8HD92gh-8YkJBJxQA;Domain=.google.com;Path=/;Expires=Sat, 17-Aug-2019 21:43:58 GMT Location: https://www.google.com/accounts/ServiceLogin?service=writely&passive=true&nui=1&continue=http%3A%2F%2Fdocs.google.com%2FDoc%3Fdocid%3D0AcdrOHdpKfrWZGZwd3Z4MmJfMnNxcDJkNmZu%26amp%3Bhl%3Den&followup=http%3A%2F%2Fdocs.google.com%2FDoc%3Fdocid%3D0AcdrOHdpKfrWZGZwd3Z4MmJfMnNxcDJkNmZu%26amp%3Bhl%3Den<mpl=homepage&rm=false Content-Encoding: gzip X-Content-Type-Options: nosniff Content-Length: 325 Server: GFE/2.0 | |
more redirection: HTTP/1.1 302 Moved Temporarily Set-Cookie: WRITELY_SID=DQAAAHoAAADh80lBIw7e5Hg06TLEBgCY33XQGJ1aUH5OrCF_ir1xLwffKNaCqNdUL6qYfvgjNppDBI4lTNBSTjJWMG_Ze0_qJnveBCAtihBDFwBlOb-H7RlkfgJwM7pBbyKV7bm4M3mqUivD1emtpxgl32vG8CEP1poQ2479HQXrlobsp7Egzw;Domain=docs.google.com;Path=/;Expires=Thu, 03-Sep-2009 21:43:59 GMT Location: http://docs.google.com/Doc?docid=0AcdrOHdpKfrWZGZwd3Z4MmJfMnNxcDJkNmZu&%3Bhl=en&pli=1 Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Date: Wed, 19 Aug 2009 21:43:59 GMT Expires: Wed, 19 Aug 2009 21:43:59 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff Content-Length: 232 Server: GFE/2.0 | |
and the the target page: HTTP/1.1 200 OK Set-Cookie: WRITELY_SID=DQAAAHoAAADh80lBIw7e5Hg06TLEBgCY33XQGJ1aUH5OrCF_ir1xLwffKNaCqNdUL6qYfvgjNppDBI4lTNBSTjJWMG_Ze0_qJnveBCAtihBDFwBlOb-H7RlkfgJwM7pBbyKV7bm4M3mqUivD1emtpxgl32vG8CEP1poQ2479HQXrlobsp7Egzw;Domain=docs.google.com;Path=/;Expires=Thu, 03-Sep-2009 21:43:59 GMT Set-Cookie: GDS_PREF=hl=en;Expires=Sat, 17-Aug-2019 21:43:59 GMT;HttpOnly Set-Cookie: user=; Expires=Tue, 18-Aug-2009 21:43:59 GMT; Path=/; HttpOnly Set-Cookie: login=; Expires=Tue, 18-Aug-2009 21:43:59 GMT; Path=/; HttpOnly Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Date: Wed, 19 Aug 2009 21:43:59 GMT Content-Encoding: gzip Transfer-Encoding: chunked X-Content-Type-Options: nosniff Server: GFE/2.0 | |
Conclusion, as you can see above google response for redirection include no caching, expires, etc,, headers, Cheyenne don't. I suppose that is why you don't see the second hit on your Cheyenne instance, Chrome is caching the Cheyenne redirection. | |
in the rsp that send the the 301 redirect, add this lines: response/set-header 'Cache-Control "private, max-age=0" response/set-header 'Expires "-1" if that is not enough, try with this: response/set-header 'Cache-Control "no-cache, no-store, max-age=0, must-revalidate" response/set-header 'Pragma "no-cache" response/set-header 'Expires "-1" | |
now try that and tell us if you see hitting your server at every requests | |
Nenad, should a redirect send no caching headers by default? | |
Maybe yes for a 301 and no for a 302? Personally I like it as it is, I can always add them when needed. | |
Graham 19-Aug-2009 [5539] | That first redirection is an authentication request from google so it looks like you might not have been logged in to gmail at the time. I used your second suggestion and that seems to work fixing the caching issue. Good work! |
older newer | first last |