[jbossseam-issues] [JBoss JIRA] Resolved: (JBSEAM-2888) Calling Session.invalidate() leads to an explosion of new sessions

Norman Richards (JIRA) jira-events at lists.jboss.org
Mon May 5 12:59:20 EDT 2008 

     [ http://jira.jboss.com/jira/browse/JBSEAM-2888?page=all ]

Norman Richards resolved JBSEAM-2888.
-------------------------------------

    Resolution: Done

Ok.  I see.  This does occur on JBoss when you bind to #{session.invalidate} from a view, as "session" is reserved in EL.  I've linked to a related issue where we first hit this.  

I've added an factory named org.jboss.seam.web.webSession.  I don't know if this is the best solution, but anyone who is concerned can use the alias.   It's possible we might want to rename the component and only retain "session" as a factory for backwards compatibility.  If anyone has strong feelings on the topic, speak up.

> Calling Session.invalidate() leads to an explosion of new sessions
> ------------------------------------------------------------------
>
>                 Key: JBSEAM-2888
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2888
>             Project: Seam
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.0.2.CR1, 2.1.0.A1, 2.0.1.GA
>            Reporter: Dan Allen
>         Assigned To: Norman Richards
>            Priority: Minor
>             Fix For: 2.1.0.BETA1
>
>   Original Estimate: 2 days
>  Remaining Estimate: 2 days
>
> There appears to be a pretty nasty bug in Seam during the post-session invalidation routine. If you call #{session.invalidate} (which is also called by #{identity.logout}) a new session is created each time the conversation is referenced for the duration of the request.
> To observe this behavior, install an HttpSessionListener that watches for session creation. Then run one of these two action listener methods. You will observe the many hits to the sessionCreated() method during the request that terminates the session with Session.invalidate().
> public class SessionNotifier implements HttpSessionListener {
>     public void sessionCreated(HttpSessionEvent e) {
>         System.out.println("created session with id: " + e.getSession().getId());
>     }
>     public void sessionDestroyed(HttpSessionEvent e) {}
> }
> You can run Thread.dumpStack() in the listener to see that it is happening as a result of attribute reads on the ServerConversationContext. I guess because the session was invalidated, Seam attempts to recreate the session over and over as it works with the conversation within that request.
> I consider this a pretty serious bug because it leads to significant growth of the HTTP session.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list