Intermittent 401 Error on AJAX PUT

Ryan Morlok

We are doing an AJAX PUT from a JavaScript widget an authenticated session on the GTLRMaxwell site. Most of the time (say 9 out of 10 times) the request goes through correctly, but occasionally we get a 401 error and the request never hits WebContent (the module specified in the x-cobalt-host header).

The problem has been observed in CI, DEMO, and QED, but happens much more frequently when running locally.

When running locally, I set a breakpoint in GetSecurityHeaders(...). My breakpoint hits when I first get to the page (which happens to be for GET requests), and then it never hits for successive AJAX requests. I'm assuming this is Apache Interceptor caching the headers response. When the 401 comes back, the breakpoint also has not hit, which indicates to me that Apache Interceptor is rejecting the request without consulting Website first.

Any suggestions on what could cause this and next steps for debugging?

Ryan Morlok

This problem was caused by a naming collision in the xxx_pm cookies that are set by iRules.

The xxx_pm cookie value defines server affinity for a given session on a per-module basis. The name of cookie was determined by taking the first 3 letters of the module’s name (web for website, sea for search, etc). Because we introduced a new module called “WebConent” we had two modules mapping to the same cookie name. Because of this when iRules attempt to route the GetSecurityHeaders call from Apache Interceptor to Website, they were incorrectly going to WebContent, which fails.

This problem has since been corrected by updating iRules to have an explicit mapping from module name to cookie name. WebContent now uses wco_pm.

mark.maruska

Are there specific steps or a particular page were this issue can be recreated?

Ryan Morlok

Yes, but it requires a login Advisor that has editorial rights.