Rare "Session time out" and / or "Communication problem"

Dear Vaadin people,

We are using vaadin 6.6 release in production for our company. Currently we get very frequently (random time) “Session Expired” and sometimes “Communication error” messages.
That make our user experience very uncomfortable. Our session into web.xml is set to 60 (minutes). Additionally we are using “session guard” to enlarge user session automatically.
We compile vaadin widgetset before every release (using maven plug in).

We are using vaadin in a cluster environment (using varnish: www.varnish-cache.org) to provide load balance. For vaadin we are using “sticky sessions” (based on the JSESSIONID - cookie, which is sent by glassfish), that mean, after a session are stablished with server X, server X will respond during the whole session.

Please help us to debug this problem and find out what is wrong.
Thanks guys !

Hi Vaadins Team,

To try to debug my problem I need more details about how is the communication beetwen vaadin server-side and vaadin-frontend-side (widgetset).
I guess that vaadin realize ajax calls to interchange information through UIDL language.
If I am correct:

  • Which variables use vaadin to keep session alive or identify a client?
  • How work exactly this process/logic ?
  • What can get wrong ?

Thanks again.


  • In our test without using varnish-cache.org, apparently no session time out has been detected.
  • Upgrade to vaadin 6.7.8

I’m not familiar with Varnish Cache and most likely can’t give you an answer, but maybe I can point to something that might help. My first intuition is that it is in fact the load balancer that is causing the problems. Maybe Vaadin gets info of the load balancer at times while at other times it gets info of server x, leading to inconsistencies. Clearly this is not my field of speciality, so onwards to pointers.

  • Vaadin uses in fact UIDL on every server roundtrip. You can se the UIDL by opening chrome inspector’s or Firefox Firebug’s network tab and clicking in the UI. Every roundtrip will add a UIDL request and you can see the whole request/response
  • Vaadin takes in the user request at
    . The first thing it does with the request is finding the application instance with the calls to the methods findApplicationInstance and startApplication. If these methods finds inconsistencies between the application instance in memory and the request they got from the browser, then they will throw exceptions.
  • At the end of that service method mentioned in the last point, the exceptions are catched and handled. These catch clauses are those that display the “session expired”, “communication error” and “invalid security key” messages. Could you possibly set up remote debugging into the production server and breakpoints into these catch clauses, as well as into the parts of the findApplicationInstance/startInstance that throws these exceptions? Setting a general caught and uncaught exception breakpoint on SessionExpiredException and GeneralSecurityException might also be a good approach.

Hope is was of any help.

Thanks Jens for your fast response.
Scheduled to my test cases !
We will try you approach setting breakpoint in the mentioned points.

If I remember correctly, JSESSIONID-based sticky sessions should work.

Can you check that the sessions actually stay on the same server rather than the “sticky sessions” just being considered a hint that your load balancer may ignore in some situations?

Hi, I’m Udo, SysOp and responsible for the infrastructure at Carlos’ company.

We have tried different things with finding this error:

  • Load balancer (varnish, doing sticky sessions using JSESSIONID cookie) to 4 appservers
  • Varnish using only one appserver (no load balancing)
  • Nginx (which we use to handle SSL to the vaading APP) doing SSL/NoSSL to one appserver.

All these tricks/trials did not help very much. Things got better/worse but did not improve overall.

Maybe follow bug is related ? https://www.varnish-cache.org/trac/ticket/849

I had a second look at the source code. (It is of another version of Vaadin but I think the priciple is still the same)

The only piece of code that I found that can cause an session expired message is in AbstractApplicationServlet.getExistingApplication(HttpServletRequest request, boolean allowSessionCreation):

// Ensures that the session is still valid
final HttpSession session = request.getSession(allowSessionCreation);
if (session == null) {
  throw new SessionExpiredException();

The allowSessionCreation is only true for the first request to the application (when the user enters the application) and after that it is always false. When it is false, it won’t create a new method inline. For some reason, the old session is not in the http request anymore. and that method returns null.

Why the session is not returned or not in the request is a question I can’t answer without debug info.

Thanks Jens, we are configuring our server to do a debug and try to reproduce it bug. You get more debug info when I obtain it.

Hello Vaadin Team,

There is good news. Our senior QA expert has realized 2 simple test.
A - The first one was a test accessing our vaadin app. direct in front of our load balance infrastructure (based on Varnish and nginx). A long time demand process after 1 minute produce our acquaintance time out problem.
B - A second test was accessing our vaadin app.
without using load balance
, else direct going to our backend server. The long time demand process has not produced a time out, finished correctly and demonstrating that vaadin work like a charm.

The server nginx has produced in A a time out after 60 seconds request process, producing vaadin communication problem (because server time out). Then we assume that session time out was always a configuration problem and no related to vaadin :slight_smile:
I would like to close this thema until our admins fix configuration on server side.

I thanks you vaadin team for the great work !

were you able to get rid of this issue? I am stuck in the similar problem. When I access the application through load balancers the session expires within 10 secs. But when I access it directly it works fine. Can you please share what kind of server config fix did u have to do?


I just wanted to update on the issue in case anyone is looking for fix

Our server setup includes BigIP load balancer → 2 apache(2.2) web servers → 2 Tomcat (7.0) servers

Issue: When using Vaadin application, we randomly recieve “Communication error” followed by IOException Socket read timeout.

Fix: We turned keep-alive OFF on apache servers and so far its going good. We do NOT see any more communication or socket read erros.

Refer these links https://vaadin.com/forum#!/thread/273087

Browser version IE9

I did the following 2 things for Vaadin 7.4.1, Tomcat 7 and JavaFX 8:

  1. I turned off keep alive in Tomcat 7 by setting maxKeepAliveRequests=1
    [ see

  2. I turned off heartbeatInterval from the VaadinUI. I think the heartbeatInterval was the real problem.

Thanks for insight. This forum entry helped.

Can you please advise on how to turn off the heartbeatInterval from the VaadinUI?