Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Bricolage: users

"Expected Token Not Present" Error

 

 

Bricolage users RSS feed   Index | Next | Previous | View Threaded


brian.percival at targetlabs

Sep 12, 2011, 1:15 PM

Post #1 of 9 (1097 views)
Permalink
"Expected Token Not Present" Error

Increasingly, our users keep getting an error returned.
All that gets returned by the browser is "Expected Token Not Present".
It's usually displayed after someone click "Save And Stay" in a story but
has been experienced in adding categories, uploading media, etc...
This occurs in every browser but what usually does solve it is if they go
to
another browser or delete their cache and cookies. This is leading me to
somehow a token not not getting set write in Bricolage and errors out when
Bricolage tries to read the token correctly.

Any known issues or experience with this?

Thanks,

Brian


ps at phillipadsmith

Sep 12, 2011, 1:32 PM

Post #2 of 9 (1005 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

On 2011-09-12, at 4:15 PM, Brian Percival wrote:

> Any known issues or experience with this?

I've never seen that error…

What's your set-up? Bricolage version, server OS, database, etc.?


david at kineticode

Sep 12, 2011, 2:02 PM

Post #3 of 9 (1008 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

On Sep 12, 2011, at 1:32 PM, Phillip Smith wrote:

> I've never seen that error…
>
> What's your set-up? Bricolage version, server OS, database, etc.?

Also check your template sources for that string. Doesn't sound like a core Bricolage error.

Best,

David


brian.percival at targetlabs

Sep 13, 2011, 8:15 AM

Post #4 of 9 (1006 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

Thanks for your response.
I doing some additional research, we found that it seems to be from
Bricolage killing the http process after reaching the max_process_size that
is currently defined in our Bricolage config at 222880.

CHECK_PROCESS_SIZE = Yes
MAX_PROCESS_SIZE = 222880
CHECK_FREQUENCY = 10
MIN_SHARE_SIZE = 0
MAX_UNSHARED_SIZE = 0

I am seeing sizes of the http process of 354088, 373852, 347992 before the
process is being killed so I have raised it to 512000. But this poses
another question. What is the recommended size under a normal load? extra
load, etc..? Do these higher http sizes indicate another problem in our
setup?

Thanks,

Brian

On Mon, Sep 12, 2011 at 5:02 PM, David E. Wheeler <david [at] kineticode>wrote:

> On Sep 12, 2011, at 1:32 PM, Phillip Smith wrote:
>
> > I've never seen that error…
> >
> > What's your set-up? Bricolage version, server OS, database, etc.?
>
> Also check your template sources for that string. Doesn't sound like a core
> Bricolage error.
>
> Best,
>
> David




--
Thanks for using Target Labs, Inc.!
Sincerely,
The Target Labs, Inc. Team

Brian Percival
brian.percival [at] targetlabs
Washington D.C. 301.842.7151
Florida: 954.393.3905
Google Talk: bpercival [at] gmail
Messenger: live [at] brianpercival
Skype: bjpercival <bpercival [at] gmail>


david at kineticode

Sep 13, 2011, 9:44 AM

Post #5 of 9 (1003 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

On Sep 13, 2011, at 8:15 AM, Brian Percival wrote:

> I am seeing sizes of the http process of 354088, 373852, 347992 before the
> process is being killed so I have raised it to 512000. But this poses
> another question. What is the recommended size under a normal load? extra
> load, etc..? Do these higher http sizes indicate another problem in our
> setup?

It depends on your setup. How big are they when you first start and before they handle any requests? How big are they after handling a bunch of UI requests (like editing a large story)? How big are they after a publish? Three publishes? A publish that calls burn_another() to publish 12 other stories?

Look at those details, decide how much you can handle (remember that at startup nearly all of the memory of in child process is shared with its parent), how often you want them reclaimed, and what's reasonable given the workload you put on your Bricolage server.

HTH,

David


brian.percival at targetlabs

Sep 14, 2011, 9:15 AM

Post #6 of 9 (991 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

Thanks for the response David.
I actually have found the "Expected Token not Present" specific error to be
under Apache's Request handler and apparently in parsing a cookie in the
request.
http://httpd.apache.org/apreq/docs/libapreq2/group__apreq__xs__apr__request__error.html

I'm assuming this is a cookie set by Bricolage as that is the only
application this issue is appearing but not sure why it's JUST happening now
during the last week.


On Tue, Sep 13, 2011 at 12:44 PM, David E. Wheeler <david [at] kineticode>wrote:

> On Sep 13, 2011, at 8:15 AM, Brian Percival wrote:
>
> > I am seeing sizes of the http process of 354088, 373852, 347992 before
> the
> > process is being killed so I have raised it to 512000. But this poses
> > another question. What is the recommended size under a normal load? extra
> > load, etc..? Do these higher http sizes indicate another problem in our
> > setup?
>
> It depends on your setup. How big are they when you first start and before
> they handle any requests? How big are they after handling a bunch of UI
> requests (like editing a large story)? How big are they after a publish?
> Three publishes? A publish that calls burn_another() to publish 12 other
> stories?
>
> Look at those details, decide how much you can handle (remember that at
> startup nearly all of the memory of in child process is shared with its
> parent), how often you want them reclaimed, and what's reasonable given the
> workload you put on your Bricolage server.
>
> HTH,
>
> David
>
>


--
Thanks for using Target Labs, Inc.!
Sincerely,
The Target Labs, Inc. Team

Brian Percival
brian.percival [at] targetlabs
Washington D.C. 301.842.7151
Florida: 954.393.3905
Google Talk: bpercival [at] gmail
Messenger: live [at] brianpercival
Skype: bjpercival <bpercival [at] gmail>


david at kineticode

Sep 15, 2011, 8:06 AM

Post #7 of 9 (989 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

On Sep 14, 2011, at 11:15 AM, Brian Percival wrote:

> Thanks for the response David.
> I actually have found the "Expected Token not Present" specific error to be
> under Apache's Request handler and apparently in parsing a cookie in the
> request.
> http://httpd.apache.org/apreq/docs/libapreq2/group__apreq__xs__apr__request__error.html
>
> I'm assuming this is a cookie set by Bricolage as that is the only
> application this issue is appearing but not sure why it's JUST happening now
> during the last week.

So, what has changed on this server in the last week?

Best,

David


herringm at denison

Sep 16, 2011, 4:51 AM

Post #8 of 9 (989 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

Out of curiosity was the following directive applied to mitigate the
zero day Apache vulnerability [CVE-2011-3192]?

LimitRequestFieldSize 200

"Limit the size of the request field to a few hundred bytes. Note that
while this keeps the offending Range header short - it may break other
headers; such as sizeable cookies or security fields."

See more here:
http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082427.html

-Michael

On 9/15/2011 11:06 AM, David E. Wheeler wrote:
> On Sep 14, 2011, at 11:15 AM, Brian Percival wrote:
>
>> Thanks for the response David.
>> I actually have found the "Expected Token not Present" specific error to be
>> under Apache's Request handler and apparently in parsing a cookie in the
>> request.
>> http://httpd.apache.org/apreq/docs/libapreq2/group__apreq__xs__apr__request__error.html
>>
>> I'm assuming this is a cookie set by Bricolage as that is the only
>> application this issue is appearing but not sure why it's JUST happening now
>> during the last week.
> So, what has changed on this server in the last week?
>
> Best,
>
> David
>

--
Michael Herring
Information Technology Services
Web Developer
Denison University
740-587-6360
herringm [at] denison


brian.percival at targetlabs

Sep 19, 2011, 8:53 AM

Post #9 of 9 (971 views)
Permalink
Re: "Expected Token Not Present" Error [In reply to]

Thanks Michael,

We are on Apache 2.2.3 so that vulnerability was patched in 2.2.20 but I am
now looking at any side affects of that fix.

On Fri, Sep 16, 2011 at 7:51 AM, Michael Herring <herringm [at] denison>wrote:

> Out of curiosity was the following directive applied to mitigate the zero
> day Apache vulnerability [CVE-2011-3192]?
>
> LimitRequestFieldSize 200
>
> "Limit the size of the request field to a few hundred bytes. Note that
> while this keeps the offending Range header short - it may break other
> headers; such as sizeable cookies or security fields."
>
> See more here: http://lists.grok.org.uk/**pipermail/full-disclosure/**
> 2011-August/082427.html<http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082427.html>
>
> -Michael
>
>
> On 9/15/2011 11:06 AM, David E. Wheeler wrote:
>
>> On Sep 14, 2011, at 11:15 AM, Brian Percival wrote:
>>
>> Thanks for the response David.
>>> I actually have found the "Expected Token not Present" specific error to
>>> be
>>> under Apache's Request handler and apparently in parsing a cookie in the
>>> request.
>>> http://httpd.apache.org/apreq/**docs/libapreq2/group__apreq__**
>>> xs__apr__request__error.html<http://httpd.apache.org/apreq/docs/libapreq2/group__apreq__xs__apr__request__error.html>
>>>
>>> I'm assuming this is a cookie set by Bricolage as that is the only
>>> application this issue is appearing but not sure why it's JUST happening
>>> now
>>> during the last week.
>>>
>> So, what has changed on this server in the last week?
>>
>> Best,
>>
>> David
>>
>>
> --
> Michael Herring
> Information Technology Services
> Web Developer
> Denison University
> 740-587-6360
> herringm [at] denison
>
>


--
Thanks for using Target Labs, Inc.!
Sincerely,
The Target Labs, Inc. Team

Brian Percival
brian.percival [at] targetlabs
Washington D.C. 301.842.7151
Florida: 954.393.3905
Google Talk: bpercival [at] gmail
Messenger: live [at] brianpercival
Skype: bjpercival <bpercival [at] gmail>

Bricolage users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.