[keycloak-dev] OOTB session-jpa not viable?
Leonardo Loch Zanivan
leonardo.zanivan at gmail.com
Tue May 5 14:22:46 EDT 2015
Another common source of table locks are delete operations in tables with
foreign keys without index.
On Tue, May 5, 2015 at 2:49 PM Bill Burke <bburke at redhat.com> wrote:
>
>
> On 5/5/2015 1:31 PM, Marek Posolda wrote:
> > Unfortunately the test is failing on all RDBMS, not just H2 :-(
> >
> > I did debugging with MySQL yesterday and saw that UserSessionEntity was
> > successfully deleted in chained backchannel logout request, but
> > transaction in original request failed due to foreign key
> > (UserSessionNote couldn't be added to already deleted UserSession)
> >
>
> I have fixed this problem in my local repo. For OIDC I was checking the
> state of the UserSession to see if it was in a LOGGING_OUT state. If it
> was, I wouldn't delete the user session. I forgot to do this for SAML...
>
> Unfortunately, once I fixed this problem I ran into table locks:
>
> 1. Application initiates logout
> 2. Keycloak receives app request, adds a UserSession note (this locks
> the UserSessionEntity table)
> 3. In same request, keycloak invokes a backchannel broker logout. Note,
> this request has not committed the current KeycloakSession and the
> UserSEssionEntity table is still locked
> 4. Keycloak receives the broker backchannel logout request. Tries to
> delete the broker's UserSession which tries to delete all
> UserSessionNotes. UserSessionEntity table is already locked...BANG!
> Deadlock! fail!
>
> Table locks scare the shit out of me. They are a nightmare to fix and
> often can't be fixed without massive rearchitecture.
>
> In this situation though I believe I can fix the problem by committing
> the transaction in Step #3 before invoking the backchannel broker logout
> request. Then, restarting the session thereafter.
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150505/78cb464a/attachment-0001.html
More information about the keycloak-dev
mailing list