ajanata / PretendYoureXyzzy

A web clone of the card game Cards Against Humanity.
https://pretendyoure.xyz/zy
BSD 2-Clause "Simplified" License

Not registered or session expired immediately after register #161

Closed devgianlu closed 6 years ago

devgianlu commented 6 years ago

Hi, I'm the developer of the Pretend You're Xyzzy app. The app is getting pretty popular but I'm experiencing many issues with people reporting a not registered (or session expired) issue immediately after registering. For some users it happens sometimes, for others it happens every time and therefore the game is unplayable. I've tried changing the library I'm using for the network communication, but the issue appeared again. I don't really know what may be causing this, that's why I posted here. Maybe someone has encountered the issue before or maybe the creator has more experience with his server and could help me.

Gianluca

ajanata commented 6 years ago

That should only happen if the JSESSIONID cookie is not being sent back to the server, or if it has been more than about a minute since that cookie was last used. I'd recommend doing whatever username prompt you're wanting to do, and then hit game.jsp just to get a JSESSIONID, and then hit the registration endpoint, so you minimize the chance that the cookie expires before you use it.

I'll have to check that app out sometime, if I can find my old Android device.

devgianlu commented 6 years ago

Right now I am hitting first load, asking the user for the username and then registering. Isn't that the same thing?

On Feb 15, 2018 7:59 PM, "Andy Janata" notifications@github.com wrote:

That should only happen if the JSESSIONID cookie is not being sent back to the server, or if it has been more than about a minute since that cookie was last used. I'd recommend doing whatever username prompt you're wanting to do, and then hit game.jsp just to get a JSESSIONID, and then hit the registration endpoint, so you minimize the chance that the cookie expires before you use it.

I'll have to check that app out sometime, if I can find my old Android device.


ajanata commented 6 years ago

Huh, maybe I'm mis-remembering how this works, because I thought the web client either did something to deal with that situation, or would have that problem too, and I can't see either of those cases...

ajanata commented 6 years ago

Okay, so I took a look at what that app is doing against a development server using Wireshark, and it doesn't appear to be sending the JSESSIONID cookie back. If it's working on some devices but not others, I wonder if there's a global Android setting that's affecting it?

I don't see anything I can do on my end without that cookie being sent back (cuz the server needs to know who you are somehow).

devgianlu commented 6 years ago

Thanks for your help. I'll review my code and add a debug message to see if the cookie is actually sent. There seem to be no limitations on Android.

devgianlu commented 6 years ago

@ajanata I've just released a new version. I've synchronized all value reads/writes to the session ID field. Hopefully it's fixed.
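
The failure diagnosed in this thread, reproduced against a local stand-in server (an added example, not part of the thread and not PretendYoureXyzzy or app code). Only `game.jsp` and `JSESSIONID` come from the thread; the `/register` path, the session id values and the response bodies are constructed placeholders.

```python
import http.cookiejar
import threading
import urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = set()  # session ids issued by the stand-in server (constructed values)


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        sent = SimpleCookie(self.headers.get("Cookie", ""))
        sid = sent["JSESSIONID"].value if "JSESSIONID" in sent else None
        self.send_response(200)
        if self.path == "/game.jsp":
            # First hit: issue a session id, as a servlet container would.
            sid = f"constructed-{len(SESSIONS) + 1}"
            SESSIONS.add(sid)
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/; HttpOnly")
            body = b"ok"
        else:
            # Hypothetical /register: without a known JSESSIONID the server
            # cannot tell who the caller is, so registration is refused.
            body = b"registered" if sid in SESSIONS else b"not_registered"
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def register(keep_cookies: bool) -> str:
    """Hit game.jsp, then register; return the server's verdict."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    handlers = [urllib.request.ProxyHandler({})]  # ignore any system proxy
    if keep_cookies:  # client that stores Set-Cookie and replays it
        handlers.append(urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    opener = urllib.request.build_opener(*handlers)
    try:
        opener.open(base + "/game.jsp").read()
        return opener.open(base + "/register").read().decode()
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(register(keep_cookies=True), register(keep_cookies=False))
```

A client-side debug log of the outgoing `Cookie` header shows the same thing as the Wireshark capture mentioned in the thread: a request that omits it.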