Just using the haproxy, not including the CDN - I am able to reproduce the problem. It appears that for some reason, the JSESSIONID cookie just disappears and an new one gets created. I've looked through the logs and I am not seeing any of the backend servers going offline. Strangely enough I cannot reproduce this with chrome or firefox, and if I point my IE browser to the backend server it is not reproducible either. We have upgraded to 1.6.9 as well, but the problem still persists.
Here are the logs, slightly obfuscated: Jan 16 22:14:54 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:14:50.996] search_ssl blue/blue 973/0/0/2548/3521 302 217 - - ---- 6/6/0/1/0 0/0 "POST /index.expandedbasicsearchbox_0.searchform HTTP/1.1" Jan 16 22:14:54 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:14:54.516] search_ssl blue/blue 14/0/1/318/336 200 36322 - - ---- 6/6/0/1/0 0/0 "GET /results/9C00EFF735954E85PQ/1?accountid=XXXXXX HTTP/1.1" Jan 16 22:14:54 localhost haproxy[25984]: X.X.X.X:56801 [16/Jan/2017:22:14:46.028] search_ssl blue/blue 8943/0/0/3/8946 304 85 - - ---- 6/6/1/2/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/extras/analytics/GTMContainer.js HTTP/1.1" Jan 16 22:14:54 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:14:54.852] search_ssl blue/blue 119/0/0/3/122 304 85 - - ---- 6/6/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/tree.css HTTP/1.1" Jan 16 22:14:55 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:14:54.975] search_ssl blue/blue 81/0/0/2/83 200 1781 - - ---- 6/6/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/images/icons/sourcetype/dissertationstheses_src_sm.png HTTP/1.1" Jan 16 22:14:58 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:14:55.058] search_ssl blue/blue 3233/0/0/99/3332 200 420 - - ---- 2/2/0/1/0 0/0 "POST /results.smartsearchresults.smartsearchresultslist.progressivedisplay?t:ac=9C00EFF735954E85PQ/1 HTTP/1.1" Jan 16 22:15:02 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:14:58.390] search_ssl blue/blue 4129/0/0/184/4313 200 18078 - - ---- 2/2/0/1/0 0/0 "GET /docview/543976450/9C00EFF735954E85PQ/1?accountid=XXXXXX HTTP/1.1" Jan 16 22:15:02 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:02.703] search_ssl blue/blue 93/0/0/2/95 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/tree.css HTTP/1.1" Jan 16 22:15:02 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:02.799] search_ssl blue/blue 150/0/0/2/152 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/extras/analytics/GTMContainer.js HTTP/1.1" Jan 16 22:15:05 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:02.951] search_ssl blue/blue 1572/0/0/731/2303 200 153 - - ---- 2/2/1/2/0 0/0 "POST /pagepdf.headertitle:imagecheck?t:ac=543976450/Record/9C00EFF735954E85PQ/1 HTTP/1.1" Jan 16 22:15:05 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:05.214] search_ssl blue/blue 13/0/0/28/41 200 153 - - ---- 2/2/0/1/0 0/0 "POST /pagepdf.ebraryrelateddocs.display?t:ac=543976450/Record/9C00EFF735954E85PQ/1 HTTP/1.1" Jan 16 22:15:05 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:05.256] search_ssl blue/blue 371/0/0/234/605 200 5365 - - ---- 2/2/0/1/0 0/0 "GET /docview/543976450/9C00EFF735954E85PQ/1?accountid=XXXXXX HTTP/1.1" Jan 16 22:15:06 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:05.861] search_ssl blue/blue 383/0/0/2/385 304 137 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/stack/en/core.js HTTP/1.1" Jan 16 22:15:06 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:06.245] search_ssl blue/blue 311/0/0/2/313 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/stack/en/pqcore.js HTTP/1.1" Jan 16 22:15:06 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:06.559] search_ssl blue/blue 102/0/1/1/104 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/stack/en/os-std.js HTTP/1.1" Jan 16 22:15:06 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:06.663] search_ssl blue/blue 332/0/0/2/334 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/app/components/GoogleAnalytics.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:06.998] search_ssl blue/blue 7/0/0/2/9 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/app/components/DonorBranding.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.006] search_ssl blue/blue 6/0/1/1/8 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/pqc/javascript/prototip/js/prototip.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.015] search_ssl blue/blue 36/0/0/1/37 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/default.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.053] search_ssl blue/blue 28/0/0/2/30 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/tapestry-console.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.083] search_ssl blue/blue 12/0/1/1/14 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/t5-alerts.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.098] search_ssl blue/blue 5/0/0/2/7 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/tree.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.105] search_ssl blue/blue 35/0/0/2/37 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/pqc/javascript/prototip/css/prototip.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.142] search_ssl blue/blue 215/0/0/2/217 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/styles/PageLayout.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.360] search_ssl blue/blue 24/0/0/2/26 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/styles/ContentLayout.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.386] search_ssl blue/blue 100/0/0/2/102 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/uxframework/css/uxf-1.0.0-teal.min.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.489] search_ssl blue/blue 107/0/1/6/114 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/styles/overRide.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.603] search_ssl blue/blue 43/0/0/2/45 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/styles/IE_icons.css HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.649] search_ssl blue/blue 48/0/1/1/50 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/extras/analytics/GTMContainer.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.699] search_ssl blue/blue 9/0/0/2/11 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/extras/pdo/html5shiv.min.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.710] search_ssl blue/blue 50/0/0/8/58 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/extras/pdo/respond.min.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.769] search_ssl blue/blue 125/0/1/1/127 304 85 - - ---- 2/2/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/spacer.gif HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56845 [16/Jan/2017:22:15:07.896] search_ssl blue/blue 72/0/1/1/74 304 190 - - ---- 4/4/3/4/0 0/0 "GET /extras/webtrends/webtrends10.3.7.js HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:05.253] search_ssl blue/blue 2716/0/0/2/2718 304 85 - - ---- 4/4/2/3/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/uxframework/fonts/Roboto-Regular-webfont.eot? HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56846 [16/Jan/2017:22:15:07.962] search_ssl blue/blue 7/0/1/2/10 304 85 - - ---- 4/4/1/2/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/uxframework/fonts/aleo-regular-webfont.eot? HTTP/1.1" Jan 16 22:15:07 localhost haproxy[25984]: X.X.X.X:56847 [16/Jan/2017:22:15:07.962] search_ssl blue/blue 7/0/0/3/10 304 85 - - ---- 4/4/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/uxframework/fonts/RobotoSlab-Regular-webfont.eot? HTTP/1.1" Jan 16 22:15:08 localhost haproxy[25984]: X.X.X.X:56847 [16/Jan/2017:22:15:07.973] search_ssl blue/blue 41/0/0/2/43 304 85 - - ---- 4/4/1/2/0 0/0 "GET /assets/r20171.1.0.530.1253/core/field-error-marker.gif HTTP/1.1" Jan 16 22:15:08 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:07.972] search_ssl blue/blue 42/0/0/2/44 304 85 - - ---- 4/4/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/uxframework/images/pq-logo-footer.png HTTP/1.1" Jan 16 22:15:08 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:08.015] search_ssl blue/blue 29/0/0/2/31 304 85 - - ---- 4/4/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/core/ajax-loader.gif HTTP/1.1" Jan 16 22:15:08 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:08.047] search_ssl blue/blue 3/0/1/1/5 304 85 - - ---- 4/4/0/1/0 0/0 "GET /assets/r20171.1.0.530.1253/ctx/uxframework/images/pq-logo.png HTTP/1.1" Jan 16 22:15:08 localhost haproxy[25984]: X.X.X.X:56814 [16/Jan/2017:22:15:08.052] search_ssl blue/blue 306/0/0/1/307 304 189 - - ---- 4/4/0/1/0 0/0 "GET /extras/webtrends/modifyHit.js HTTP/1.1" -----Original Message----- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Tuesday, October 25, 2016 8:55 AM To: Stroehmann, James <james.stroehm...@proquest.com> Cc: 'haproxy@formilux.org' <haproxy@formilux.org> Subject: Re: Issue with windows IE 11 and Edge [External Email] On Mon, Oct 24, 2016 at 03:14:59PM +0000, James Stroehmann wrote: > We have updated our test instance of HAProxy to 1.6.9 but are still > able to reproduce the issue. > > > From: Stroehmann, James > Sent: Friday, October 07, 2016 2:44 PM > To: haproxy@formilux.org > Subject: Issue with windows IE 11 and Edge > > We have a website that is setup like this: > > CDN -> HAPROXY -> ELB -> APACHE -> TOMCAT > > We are seeing with IE11 and Edge clients they will randomly lose their > session and get kicked out to a login screen. Firefox, Chrome and > older IE clients appear unaffected. Testing at all the different > layers, we can reproduce against the HAProxy and CDN layers, but not > the ELB/Apache/Tomcat layers, which leads us to believe the problem > lies at the HAProxy layer.We are using HA-Proxy version 1.6.3 > 2015/12/25, compiled from source. I'm not seeing any errors in the > haproxy logs, any ideas as to where to start troubleshooting? Well technically speaking what can be said is that adding CDN+haproxy triggers the problem. Without your config it's very hard to have any idea about this. It will be important to see how you perform your stickiness, how health checks are performed (because if your apache servers are regularly seen up and down from haproxy, for sure the users will be redistributed to another location). Also have you looked at your haproxy stats to see if your servers are seen down from time to time ? And what do you see in haproxy logs for users affected with the problem ? The termination flags should almost always be "--". If you often see something different, it might indicate an issue somewhere in the chain. Most often with cookie insertion, you'll see "--NI" for new users getting a new cookie, and "--VN" for existing visitors posting a valid cookie. Anything else should be studied. Regards, Willy
