syncId, clientId - Explanation

Hello,

Can someone explain to me what the role of syncId as well as the clientId is?
They are placed in the csrf-token, which is in turn placed in the HTTP request.
I know that the csrf token is a protection against CSRF attacks, but it contains more value than other csrf-tokens I have seen.

Best regards,
Nazar Medeiros

If you watch this webinar where we configure performance testing with JMeter, this question of yours gets covered pretty well too. https://www.youtube.com/watch?v=XQ1ws12W6gk

Is the usage of the clientId something new? Because I looked at a page which is built with Vaadin, and the network inspector showed me that no clientId was visible…only the syncId.

For example this page:

https://demo.vaadin.com/dashboard/#!schedule

To be honest, the difference is not clear to me. In the video it says that the syncId takes care that no requests are dropped between other requests. A typical identifier for each request, but the clientId is the same too, right? The only difference I can see is that clientId increases from some client-side interactions only.

Thanks in advance!
Best regards,
Nazar

Mr. Lund, I was wondering if you could give more explanation about both ids.
I really really have to understand what they are used for =)

Best regards,
Nazar

Taken from https://vaadin.com/blog/performance-testing-a-vaadin-application-part-2-application-internals:

Synchronization tokens
To ensure messages are processed in the correct order, the framework uses two synchronization tokens internally: syncId (server-to-client) and clientId (client-to-server). Every time a new request is sent from a browser, the clientId is incremented by one and added to a payload. If the expected and received values do not match on a server, a re-synchronization attempt should be issued.
The syncId token, in contrast to the clientId, is incremented by one with every response from a server. A client always appends the last seen syncId value to a payload. This guarantees that requests are processed in the correct order on a server. If the received value is larger than expected, the operation is postponed until the missing messages arrive. A syncId’s value verification can be disabled in an application to simplify the load and scalability tests that are run.

This is an internal sync mechanism in Vaadin, but since these tokens are quite visible in data messages and debug messages, it makes sense to add them into our docs, see Describe syncId and clientId and overall client-server messaging · Issue #3911 · vaadin/docs · GitHub
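A simplified model of the two counters described in the quoted blog text, as an added example that is not part of this thread and is not Vaadin's code. The class names, the `action` and `resync` fields, the starting value 0, and the choice to model postponement on the client side are assumptions made for illustration. It shows that both ids are plain ordering counters rather than secret values.

```python
class Server:
    def __init__(self):
        self.expected_client_id = 0  # next clientId the server will accept
        self.sync_id = 0             # incremented with every response
        self.processed = []

    def handle(self, request):
        self.sync_id += 1
        if request["clientId"] != self.expected_client_id:
            # Expected and received values differ: ask the client to re-synchronize.
            return {"syncId": self.sync_id, "resync": True}
        self.expected_client_id += 1
        self.processed.append(request["action"])
        return {"syncId": self.sync_id, "resync": False}


class Client:
    def __init__(self):
        self.client_id = 0      # incremented with every request sent
        self.last_sync_id = 0   # last syncId applied, echoed in each payload
        self.postponed = {}     # responses that arrived ahead of a missing one
        self.applied = []

    def build_request(self, action):
        request = {"clientId": self.client_id, "syncId": self.last_sync_id,
                   "action": action}
        self.client_id += 1
        return request

    def receive(self, response):
        self.postponed[response["syncId"]] = response
        # Apply strictly in syncId order; anything larger than expected waits.
        while self.last_sync_id + 1 in self.postponed:
            self.last_sync_id += 1
            self.applied.append(self.postponed.pop(self.last_sync_id)["syncId"])


def run_demo():
    # Constructed scenario: two requests, responses delivered out of order,
    # then the first request delivered a second time.
    server, client = Server(), Client()
    first = client.build_request("click A")
    second = client.build_request("click B")
    resp1, resp2 = server.handle(first), server.handle(second)
    client.receive(resp2)                 # arrives early: postponed
    held_back = list(client.applied)      # nothing applied yet
    client.receive(resp1)                 # gap filled: both applied in order
    duplicate = server.handle(first)      # stale clientId 0, server expects 2
    return held_back, client.applied, duplicate["resync"], server.processed
```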