Erratic Google App Engine 401 response when GOOGAPPUID set to x
I ran across a strange issue on an angularJS application that makes backend calls to a Google App Engine API. Every so often, the request would fail out with a 401 unauthorized request, but if you hit the reload button, the page would reload fully logged in. Looking at the AJAX request, it looked like the request didn’t change and the auth cookie was the same between the failed request and the reloaded request. So why would it fail?
The only difference was a cookie transmitted with the name GOOGAPPUID. This cookie is designed to allow traffic splitting between multiple instances of Google App Engine versions. So when a user connects to one instance, it would continue to connect to that Google Instance instead of switch around to other instances. This is very important if you are pushing new version of your Google App Engine application and want to slowly transition users from an older one to the newer version. (or at least not have users sending requests erratically to a newer and older version)
However, our app was randomly failing out user requests because it was initially connecting to a GOOGLEAPPUID of xckjfdska328 and then somewhere transition to a GOOGLEAPPUID of x. Something was truncating the cookie request to a single letter and now it is conflicting with another app instance that doesn’t exist. So we get a 401 response instead of our expected 200.
One solution is to find the the cause of the GOOGLAPPUID transition, but keep in mind that these cookies are also generated by the Google App Engine framework. This turned into too much of a wild goose chase.
Alternatively we would want to have Google App Engine ignore these cookies. The default settings on Google App Engine is to not use Traffic Splitting, but we noticed if the cookies are there, it is processing it like it was active. In the current Google App Engine Developer Console, you cannot edit the Traffic Splitting options without enabling at least a 1% traffic diversion. This where we can cheat a little bit. If you log into the old legacy Google App Engine interface, you can actually toggle Traffic Splitting between cookie based to IP based without setting a 1% traffic split between instances.
1. Login to http://appengine.google.com
2. Select your app
3. Go to Versions
4. Scroll to the bottom and open the Traffic Splitting panel
5. Toggle the Traffic Splitting from Cookie based to IP Address