Topic
21 replies Latest Post - ‏2013-06-26T15:08:53Z by prasadtadi
SystemAdmin
SystemAdmin
24948 Posts
ACCEPTED ANSWER

Pinned topic How to delete REST sessions

‏2012-06-06T23:08:12Z |
We have some scripts using the REST API to update data in Clearquest. Occasionally seem to run out of resources such that people cannot log into cqweb. We believe that REST sessions are taking up resources.

According to https://jazz.net/wiki/bin/view/Main/RcmRestCmApi#Session_Management:

A ClearQuest session is established when the client accesses a secured resource and expires after a period of inactivity. This happens after either the HTTP session times out or the ClearQuest session times out. Generally a license is consumed when the session is established. If the ClearQuest user already has an active session with ClearQuest Web or ClearQuest Bridge, however, we do not consume a second license.
You can explicitly invalidate any ClearQuest sessions associated with an HTTP client by invoking the DELETE method on the /session/ context:
DELETE {base-uri}/session/
This releases any licenses associated with these sessions.

However when I call

$rest->DELETE ("$CQ_HOST/cqweb/oslc/session/");
print "Response: " . $rest->responseCode . "\n";

I get 403 saying "You don't have permission to access the requested directory". What gives here?
Updated on 2012-06-22T05:08:57Z at 2012-06-22T05:08:57Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    24948 Posts
    ACCEPTED ANSWER

    Re: How to delete REST sessions

    ‏2012-06-06T23:44:28Z  in response to SystemAdmin
    Never mind. The answer is:

    $rest->DELETE ('/cqweb/oslc/session/');

    The documentation was not clear...
    • SystemAdmin
      SystemAdmin
      24948 Posts
      ACCEPTED ANSWER

      Re: How to delete REST sessions

      ‏2012-06-15T00:56:19Z  in response to SystemAdmin
      Reopening this... More information. While the above code does "work" in that I get a 200 status code back indicating success, the session is not deleted! If you look under CQ Web: Site Administration: Login Stats you'll see an entry for this connection listed as say admin, with no email/phone/etc listed. This entry will take 30 minutes to time out (default config) and wastes resources.

      We are experiencing these wasted resources and our users are unable to login to CQ Web.

      These are NOT resources from CQSession::Build but only from REST calls. The session does not get deleted.

      Anybody know of any solutions?
  • SystemAdmin
    SystemAdmin
    24948 Posts
    ACCEPTED ANSWER

    Re: How to delete REST sessions

    ‏2012-06-15T00:57:50Z  in response to SystemAdmin
    Sessions are not being deleted.
    • cglockner
      cglockner
      345 Posts
      ACCEPTED ANSWER

      Re: How to delete REST sessions

      ‏2012-06-18T09:22:54Z  in response to SystemAdmin
      Hi Andrew,

      That might be a defect - what version of CQ are you using there?

      -Christian
      • SystemAdmin
        SystemAdmin
        24948 Posts
        ACCEPTED ANSWER

        Re: How to delete REST sessions

        ‏2012-06-18T14:12:10Z  in response to cglockner
        We are using 7.1.2.3 but that's not the issue. On a support call with IBM it was said that one must pass along login cookies with the appropriate JSESSIONID so that the web knows who you are and which session to re-use and which session to delete. Of course none of the documentation (if you can call it that) shows how to do this at all. We are waiting for examples from IBM to describe how this is supposed to be done.
        • cglockner
          cglockner
          345 Posts
          ACCEPTED ANSWER

          Re: How to delete REST sessions

          ‏2012-06-20T11:52:26Z  in response to SystemAdmin
          Hi Andrew,

          Ah, I see. Cookie handling is actually not application specific, since they are typically transmitted as an HTTP header (just like
          
          Content-type
          
          and others. So your code just needs to make sure that it picks up the Cookie set once you have created the session and maintains that cookie, and transmits it to the server with every request until you want to delete the session.

          -Christian
          • cglockner
            cglockner
            345 Posts
            ACCEPTED ANSWER

            Re: How to delete REST sessions

            ‏2012-06-20T11:56:01Z  in response to cglockner
            And as one more update, maybe this article helps.
          • SystemAdmin
            SystemAdmin
            24948 Posts
            ACCEPTED ANSWER

            Re: How to delete REST sessions

            ‏2012-06-20T14:04:20Z  in response to cglockner
            But cookie handling is very important otherwise you burn sessions with ever request and they linger around for 30 minutes afterward. To not even mention that you should do this and to not give and example of how is an abomination of the documentation. And to return 200, as if you were successful, when you didn't delete any session is just plain wrong.

            I know how to set cookies. I've done it before. But I haven't done it using the Perl module REST::Client and the documentation doesn't say how to do with REST::Client. What's up with REST? Is it synonymous with "I won't tell you how to do it"???
            • cglockner
              cglockner
              345 Posts
              ACCEPTED ANSWER

              Re: How to delete REST sessions

              ‏2012-06-20T14:10:24Z  in response to SystemAdmin
              Hi Andrew,

              I haven't tried it, but since Cookie information is just stored in the header, the addHeader method of REST::Client seems to be the right choice:

              
              addHeader ( $header_name, $value )   Add a custom header to any requests made by 
              
              this client.
              


              -Christian
              • SystemAdmin
                SystemAdmin
                24948 Posts
                ACCEPTED ANSWER

                Re: How to delete REST sessions

                ‏2012-06-20T14:21:05Z  in response to cglockner
                Am I just brain farting this morning? Sorry. Don't know how I didn't naturally see or research this properly. Right there out in the open! Now I feel stupid. I guess now it's time for me to figure out how to get the JSESSIONID they say I need. It hands back a bunch of XML and I know I saw JESSIONID in it...

                Thanks.
                • cglockner
                  cglockner
                  345 Posts
                  ACCEPTED ANSWER

                  Re: How to delete REST sessions

                  ‏2012-06-20T14:24:44Z  in response to SystemAdmin
                  Getting the JSESSIONID should be as simple as caling responseHeaders() to see if there is a Set-Cookie header and then calling responseHeader() with the Set-Cookie parameter to get the value. This may need some parsing, but should be easy to do.
                  • SystemAdmin
                    SystemAdmin
                    24948 Posts
                    ACCEPTED ANSWER

                    Re: How to delete REST sessions

                    ‏2012-06-20T20:56:06Z  in response to cglockner
                    OK, time for an example. What am I doing wrong. When the attached is run I get:

                    $ export nbrLoops=3
                    $ export CQ_USERNAME=admin
                    $ export CQ_PASSWORD=<$CQ_USERNAME's password>
                    $ testibm.pl
                    Calling getRecord for VersionInfo:1.0
                    GET returned JSESSIONID of 0000fVAjhG-5zE4d17NtKbE6Mrv:-1; Path=/
                    Iterration 0: id: http://cq-irva-01/cqweb/oslc/repo/MCBU/db/t_sbx/record/16799384-33633277
                    GET returned JSESSIONID of 0000B-x84btmnl3cQiDHcWp3-7a:-1; Path=/
                    Iterration 1: id: http://cq-irva-01/cqweb/oslc/repo/MCBU/db/t_sbx/record/16799384-33633277
                    GET returned JSESSIONID of 0000OiO--Cnj7BRi9ARN0zUFulW:-1; Path=/
                    Iterration 2: id: http://cq-irva-01/cqweb/oslc/repo/MCBU/db/t_sbx/record/16799384-33633277
                    After delete of session response code = 200

                    You can see that each of the session ids are different. Additionally none are deleted as CQ Web still shows, in this case, 3 admin sessions lingering.
                    • cglockner
                      cglockner
                      345 Posts
                      ACCEPTED ANSWER

                      Re: How to delete REST sessions

                      ‏2012-06-21T07:01:54Z  in response to SystemAdmin
                      Hi Andrew,

                      Could you post the relevant bits of the code here?
                      Also, make sure you use the correct value for the JSESSIONID: In your example the JSESSIONID should only be 0000fVAjhG-5zE4d17NtKbE6Mrv:-1, i.e. less the trailing "; Path=/".

                      -Christian
                      • SystemAdmin
                        SystemAdmin
                        24948 Posts
                        ACCEPTED ANSWER

                        Re: How to delete REST sessions

                        ‏2012-06-21T07:32:06Z  in response to cglockner
                        I attached a copy of the code already. Reproduced here:

                        #!/usr/bin/perl
                        use strict;
                        use warnings;

                        use REST::Client;
                        use MIME::Base64;
                        use XML::Simple;

                        my $webhost = 'cq-irva-01';
                        my $dbset = 'MCBU';
                        my $db = 't_sbx';
                        my $username = $ENV{CQ_USERNAME};
                        my $password = $ENV{CQ_PASSWORD};
                        my $session;

                        my ${login} = {
                        Accept => 'application/xml',
                        Authorization => 'Basic ' . encode_base64 "$username:$password",
                        };

                        my $rest = REST::Client->new (
                        host => "http://$webhost",
                        timeout => 15,
                        follow => 1,
                        );

                        sub getRecord($$) {
                        my ($table, $key) = @_;

                        my $query = "/cqweb/oslc/repo/$dbset/db/$db/record/?rcm.type=$table&";

                        # If $key has an equal sign then this is a query.
                        $query .= $key =~ /=/ ? "oslc_cm.query=$key" : "rcm.name=$key";

                        $rest->addHeader ('JSESSIONID', $session) if $session;

                        $rest->GET ($query, $login);

                        # Set $session
                        ($session) = ($rest->responseHeader ('Set-Cookie') =~ /JSESSIONID=(.+)/);

                        print "GET returned JSESSIONID of $session\n";

                        my $responseCode = $rest->responseCode;

                        if ($responseCode == 200) {
                        my $result = XMLin ($rest->responseContent);

                        return $result->{entry}->{id};
                        } else {
                        print "Record not found (Table: $table, Key: \"$key\")";

                        return $responseCode;
                        } # if
                        } # getRecord

                        my $table = 'VersionInfo';
                        my $key = '1.0';

                        print "Calling getRecord for $table:$key\n";

                        my $nbrLoops = $ENV{nbrLoops} || 1;

                        for (my $i = 0; $i < $nbrLoops; $i++) {
                        print "Iterration $i: id: " . getRecord ($table, $key) . "\n";
                        } # for

                        1. Delete session
                        $rest->addHeader ($session);
                        $rest->DELETE ('/cqweb/oslc/session/');

                        print "After delete of session response code = " . $rest->responseCode . "\n";

                        I tried using JSESSIONID to be 'less the trailing "; Path=/"' and there was no difference.
                        • cglockner
                          cglockner
                          345 Posts
                          ACCEPTED ANSWER

                          Re: How to delete REST sessions

                          ‏2012-06-21T07:42:37Z  in response to SystemAdmin
                          Hi Andrew,

                          At first glance this looks fine to me - it would be interesting to see what actually is sent on the wire. Any chance you could do a network trace to see if the script actually sends the correct headers back to CQ Web once it has received a JSESSIONID?

                          -Christian
                          • SystemAdmin
                            SystemAdmin
                            24948 Posts
                            ACCEPTED ANSWER

                            Re: How to delete REST sessions

                            ‏2012-06-21T14:24:58Z  in response to cglockner
                            Never ran a network trace before so I have no idea. Perhaps I should look at the log files but IIRC last time I looked it said nothing really. It does return a 200 as if it supposedly worked, but it didn't.

                            Any chance you could run it on your end with appropriate modifications for your environment and report back it if works or doesn't work? How do you do your REST stuff? Are you sure you don't burn up login sessions?
                            • cglockner
                              cglockner
                              345 Posts
                              ACCEPTED ANSWER

                              Re: How to delete REST sessions

                              ‏2012-06-21T15:00:26Z  in response to SystemAdmin
                              Hi Andrew,

                              just had another look at your code and spotted this:

                              
                              $rest->addHeader (
                              'JSESSIONID', $session) 
                              
                              if $session;
                              


                              This is wrong. What you're doing there is set a header called "JSESSIONID", with the JSESSIONID as its value. But what you really need to do is this:

                              
                              $rest->addHeader (
                              'Cookie', 
                              'JSESSIONID='.$session) 
                              
                              if $session;
                              


                              i.e. set a header named "Cookie" with its value being a key=value pair.

                              -Christian
                              • SystemAdmin
                                SystemAdmin
                                24948 Posts
                                ACCEPTED ANSWER

                                Re: How to delete REST sessions

                                ‏2012-06-21T15:36:28Z  in response to cglockner
                                This is interesting and would explain it. Are you sure I'm supposed to say "Cookie"? I ask because as you can see, I extract the session looking for the header that said "Set-Cookie".
                                • cglockner
                                  cglockner
                                  345 Posts
                                  ACCEPTED ANSWER

                                  Re: How to delete REST sessions

                                  ‏2012-06-21T15:39:18Z  in response to SystemAdmin
                                  Yes, "Set-Cookie" is the header that the server returns to the client, and from that point on the browser is suppose to return a "Cookie" header. It's all in the Wikipedia entry I pointed you to earlier in the thread.
                                  • SystemAdmin
                                    SystemAdmin
                                    24948 Posts
                                    ACCEPTED ANSWER

                                    Re: How to delete REST sessions

                                    ‏2012-06-22T05:08:57Z  in response to cglockner
                                    That turned out to be the answer. Thanks. This has been resolved. Wish there were better example code in the documentation which seems pretty void any examples.
                              • prasadtadi
                                prasadtadi
                                1 Post
                                ACCEPTED ANSWER

                                Re: How to delete REST sessions

                                ‏2013-06-26T15:08:53Z  in response to cglockner

                                Thank you.

                                It helped me to fix my code. Now my number of sessions dropped from 100's to one :-)