500 - Internal Server Error

Cristian Gilè
16 April 2009, 17:51
I have an e-commerce application running on hiawatha. When i put some products in the cart all is good but when the numbers of products is bigger hiawatha returns 500 Internal Server Error.
It seems that it can't manage large session data. Using apache the application doesn't crash.
Probably i have to set an option in the config file.


Hugo Leisink
16 April 2009, 18:22
Can you tell me what the error logfile says? What e-commerce application are you using?
Cristian Gilè
16 April 2009, 20:09
Nothing in the log file. It's a custom e-commerce application developed by me using codeigniter framework.
Hugo Leisink
16 April 2009, 23:37
When products are placed in the shopping cart, do you place them in $_SESSION or in $_COOKIES?
Cristian Gilè
17 April 2009, 13:01
I'm using the Session class of codeigniter. The Session class stores session information as serialized data in a database table and the session ID in the user's cookie.
Cristian Gil?
17 April 2009, 13:15
For your reference, this is the session configuration array of codeigniter:

| Session Variables
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean). Whether to encrypt the cookie
| 'session_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'time_to_update' = how many seconds between CI refreshing Session Information
$config['sess_cookie_name']         = 'my_cookie_name';
$config['sess_expiration'] = 7200;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'session';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 300;
Hugo Leisink
17 April 2009, 13:28
Ok, so the session information is indeed stored in cookies. The problem them is that your requests get to large when you fill the shopping cart. You can solve that problem with this:
Binding {
MaxRequestSize = <value>

MaxRequestSize has a default value of 64 (64 kb). You have to increase that value.

+64 kb for a 'normal' request is quite large if you ask me. It will make your site slow. My advice is to ignore CI's Session class and store your information in PHP's $_SESSION. It faster and more secure.
Cristian Gilè
17 April 2009, 13:40
MaxRequestSize is already set to high value. I try to set it to a very high value but the problem is still there.
Hugo Leisink
17 April 2009, 13:49
Try adding "TriggerOnCGIstatus = no" to the VirtualHost config. Maybe it's CI who is triggering the 500 error.
Cristian GIlè
17 April 2009, 17:49
I try to add TriggerOnCGIstatus = no but nothing to do, 500 - Internal Server Error is still there.
Cristian GIlè
17 April 2009, 17:57
Sorry, i can see this in error.log:

Fri 17 Apr 2009 15:44:40 +0200|IP ADDRESS|/www/path/index.php|CGI's HTTP header too large

I've tried to set MaxRequestSize to 100000 but the error is the same.

I'm using hiawatha 6.9 compiled for a 64 bit machine.
Hugo Leisink
17 April 2009, 18:12
Oke, I understand what is going wrong. I knew there must have been some sort of message in the errorlog.

What is going wrong: Hiawatha buffers the output of a CGI process, until a complete HTTP header has been read. The reason for that is not important, but if you want to know why, read the last paragraph. The maximum HTTP header Hiawatha is willing to accept, is 8 kb (which is quite large!). You must have exceeded that. You can do two things:

1) stop using CI's Session class. Storing sensitive information in cookies is not secure. I know CI, and it's Session class is bad in many ways. Store session data in PHP's $_SESSION. It's what it is for!!!!
2) Increase Hiawatha's maximum CGI HTTP header size. It's in target.c, line 45: #define MAX_CGI_HEADER 8 * KILOBYTE. Increase the 8 to 16 for example. If you make it larger than 32, also increase the CGI_BUFFER_SIZE a few lines below. MAX_CGI_HEADER must be equal or lower than CGI_BUFFER_SIZE. Don't set CGI_BUFFER_SIZE to a very large number. Hiawatha will use too much memory if you do! Although this all should work, I strongly advice option 1.

The reason Hiawatha buffers the CGI output is because a CGI can print HTTP header strings, which Hiawatha must parse in order to 'speak' HTTP correctly to the browser. Some HTTP header strings printed by the CGI process are control-strings for the webserver, not the browser.
Cristian GIlè
17 April 2009, 18:34
Thanks Hugo, perfect explanation. For now i can't switch to native session, so i choose option 2.

What the best way to install version 6.12 if i have already compiled version 6.9 ??
Hugo Leisink
17 April 2009, 18:50
Just download the 6.12 source and install it the same way you did with 6.9.
Cristian GIlè
17 April 2009, 19:40
I've tried option 2 but "500 - Internal Server Error" is still there and in the error.log the message is always "CGI's HTTP header too large". I've tried different values (also 40960. I know is a big value but only for test purpose) but nothing to do.
Hugo Leisink
17 April 2009, 20:01
How much kilobytes do you store via cookies?
Cristian GIl?
17 April 2009, 20:14
I store the data in the db and each item in the cart is about 250 byte. Cookie is used only for match ID session.
Hiawatha returns 500 error when i put about 25 items in the cart.
Hugo Leisink
17 April 2009, 22:27
You should verify the content of $_COOKIE. There's probably a lot of bytes in there.
Cristian GIlè
18 April 2009, 11:57
The $_COOKIE size is fixed to 584. Items data are stored in db.
Hugo Leisink
18 April 2009, 16:50
So the HTTP header can't be too big this time. What does the error logfile say?
Cristian Gilè
20 April 2009, 11:30
The error log is the same:

Sat 18 Apr 2009 14:45:45 +0200|IP ADDRESS|/path/to/my/www/|CGI's HTTP header too large
Hugo Leisink
20 April 2009, 12:11
If it's not the cookies, something else in the CGI header must be too big. If you use FastCGI, you can use a sniffer on the FastCGI port to see what is filling up your CGI header.

If you send me your website code, I can help you to find out what goes wrong. Yes, your code will be handled confidentially if needed.
This topic has been closed.