Httpbind (BOSH)

This issue happens regularly, but occurs anywhere from the begging of a session to 5-10 min later. We are using strophe.js client. The same issue happens when using candy.js (though it use strophe.js).

Our serivces use a prebind process to return sid, rid back to browser client strophe.js takes over from there.

Looking at the openfire stdout.log (log.httpbind.enabled == true), I see this pattern…

18:13:44: HTTP RECV(f5620f93):

18:13:44: HTTP SENT(f5620f93):

18:13:44: HTTP SENT(f5620f93):

18:13:44: HTTP RECV(f5620f93):

18:13:44: HTTP RECV(f5620f93):

18:13:44: HTTP ERR(f5620f93): terminate, item-not-found.

18:13:44: HTTP SENT(f5620f93):

18:13:44: HTTP SENT(f5620f93):

18:13:44: HTTP RECV(f5620f93):

In Openfire’s warn.log…

18:13:44 org.jivesoftware.openfire.http.HttpSession - Deliverable unavailable for 774044229

18:13:44 org.jivesoftware.openfire.http.HttpBindServlet - Client provided invalid session: f5620f93. [192.168.2.14]

Our httpbind properties…

xmpp.httpbind.client.idle == 360

xmpp.httpbind.client.requests.max == 30

xmpp.httpbind.client.requests.polling == 0

xmpp.httpbind.client.requests.wait == 60

xmpp.httpbind.scriptSyntax.enabled == true

Any ideas why we get these “random” invalid session messages?

It seems Openfire’s BOSH implementation is a bit quirky and possibly out of date. We made some changes to our prebind library to work around the issues and now this problem is gone.

I’ve often seen those “Client provided invalid session” messages, too. And if you search in the internet, there are many other people asking about it. Maybe you want to share, what was the problem.

I don’t know all of the details as the MatriX developers figured it out. Basically, when I perform the server side prebind (using matrix), openfire does something that caused the matrix client to continue to respond to requests from Openfire after MatriX had given me the sid and rid (which is sent to the browser). As such, there were two clients (browser and server) using the same sid each incrementing their copy of the rid. Eventually (5-20s), Openfire would drop the entire session because the rids were out of range and/or duplicated. Openfire would (I guess) consider the session dead and drop the sid from the “active sid list”. When either client communicated with openfire again, it would receive the invalid sid response.

So, MatriX changed their library to work around this bad behavior by Openfire. This prevented Matrix from continuing to communicate with openfire after the prebind was complete that resulted in duplicate or out-of-window rids.

Here’s quote from the MatriX developer…

The root of the problem is Openfire requiring still the session iq which was not covered by prebind yet. This was removed from the XMPP RFQs a long time ago and is stuff left over from the old Jabber protocol days.

Interesting… maybe.

Which Openfire version do you use?

Openfire 3.9.3

Matrix 1.6.0.1 has the work around