Session Persistence

Morgan Kisienya morgan at doveria.com
Wed Mar 2 13:55:05 UTC 2022


Hi,

We are running nginx opensource with modsecuity. Nginnx is a proxy server.

We are also running an application, (which we proxy using nginx) that
crates reports and downloads images.

We are facing an issue with nginx session persistence.

During report creation, not all images are downloaded to the report. When
the page is refreshed, other images different from the initial ones are
displayed.

Nginx access.log shows the following

GET /prod/reportImage?rnd=1661411659&image=img_0_0_5 HTTP/1.1" 500 1692

Modscurity log shows the following


!doctype html><html lang="en"><head><title>HTTP Status 500 \xe2\x80\x93
Internal Server Error</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 500 \xe2\x80\x93 Internal Server Error</h1><hr class="line"
/><p><b>Type</b> Exception Report</p><p><b>Message</b> No JasperPrint
documents found on the HTTP session.</p><p><b>Description</b> The server
encountered an unexpected condition that prevented it from fulfilling the
request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException: *No
JasperPrint documents found on the HTTP
session.*\x0a\x09net.sf.jasperreports.j2ee.servlets.ImageServlet.service(ImageServlet.java:95)\x0a\x09javax.servlet.http.HttpServlet.service(HttpServlet.java:742)\x0a\x09org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\x0a\x09com.ltc.app.server.ClickjackFilter.doFilter(ClickjackFilter.java:117)\x0a\x09org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)\x0a</pre><p><b>Note</b>
The full stack trace of the root cause is available in the server
logs.</p><hr class="line" /><h3>Apache Tomcat/8.5.41</h3></body></html>

Appreciate your help

*Morgan Kisienya*
*Managed Security Services*

*PO Box 139 Wahroonga NSW 2076*
*Mobile: +254 733 698 394*

*Web    : www.doveria.com <http://www.doveria.com/>Email : **morgan at doveria.com
<morgan at doveria.com>*



The content of this email is confidential and intended for the recipient
specified in message only. It is strictly forbidden to share any part of
this message with any third party without a written consent of the sender.
If you received this message by mistake, please reply to this message and
follow with its deletion, so that we can ensure such a mistake does not
occur in the future.

Doveria puts the security of the client at a high priority. Therefore, we
have put efforts into ensuring that the message is error and virus-free.
Unfortunately, full security of the email cannot be ensured as, despite our
efforts, the data included in emails could be infected, intercepted, or
corrupted. Therefore, the recipient should check the email for threats with
proper software, as the sender does not accept liability for any damage
inflicted by viewing the content of this email.

Please do not print this email unless it is necessary. Every un-printed
email helps the environment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20220302/df28fc5a/attachment.htm>


More information about the nginx-devel mailing list