Can't understand what's happening: Xojo Client between PHP app

Hi all, I tried to understand for a day now why an app that has been running for 9 months without an issue no longer works since Saturday.
I have a PHP application that returns a JSON encoded output from a fetchAll(PDO::FETCH_CLASS).
I have MAC & WIN clients that since Saturday don’t capture any longer what is returned.
These clients have not changed since March.
When I POST a JSON string to the PHP application over HTTPS, POSTMAN captures the feedback. This feedback hasn’t changed.
But the XOJO apps no longer see what the server returns.

I’ve no idea what’s happening. Does anyone have an idea how I can figure out what is wrong?


Logically, something must have changed.

Is your PHP running on Apache? Did Apache get an upgrade? (recent Apache versions are more strict about things such as duplicate headers, see for example ) [ This post also has info on how to do a packet capture on mac which was very useful… ]

Are the Xojo apps and your POSTMAN test all from the same IP address? Perhaps a firewall somewhere has decided that the XOjo apps are trying to DDOS your server and is blocking them?

Can you add more logging to your Xojo app? What error code(s) are being returned? What headers? etc.

Hi Michael, the hosting company says nothing has changed. Hard for me to check.
The Xojo apps & postman are run from the same machines & network. Also, all my users suffer from this.
I added as many logs to XOJO, and all is normal till I do the post
jsonData = Socket1.Post(App.BaseURL, 30)
All I can see then is that jsonData is empty.
On POSTMAN I can see the headers:

content-encoding: gzip
content-length: 77
content-type: text/html; charset=UTF-8
date: Wed, 20 Nov 2019 14:29:38 GMT
server: Apache
vary: Accept-Encoding
x-cache: yes

Is there a way I can see the headers in XOJO?

Are you using HTTPSocket? will allow you to dump the headers

You can also try

curl --head

Which may give you the apache version number (but some hosts hide that information for security)

[Edit: looks like your host is hiding the Apache version info]

Sorry, just noticed you are using HTTPS - could your certificate have expired? That’s something which would affect all users, but might be ignored when you are testing with tools such as POSTMAN.

 curl -v 

will give you debug info on the certificate.

I think the certificate is OK, but I get an error “102” which means “LostConnection”.
No idea where this comes from…

102 can be normal - it’s the ‘connection is done’ message you get once the transaction is complete. If you are getting 102 before any other events (such as headersReceived) then perhaps this is a firewall issue? The server is detecting your connection as bad and immediatelly killing it?

I recommend packet tracing to get to the bottom of it.