[undertow-dev] invalidate session

Kovacs Lajos y_lalo at yahoo.com
Tue Jan 6 09:46:27 EST 2015 

  Hi!
     I tested with the latest version from the branch and it is working correctly now. :)     Thank you a lot!
  Best Regards,  Lalo
      From: Stuart Douglas <sdouglas at redhat.com>
 To: Kovacs Lajos <y_lalo at yahoo.com> 
Cc: undertow-dev at lists.jboss.org 
 Sent: Tuesday, January 6, 2015 3:15 AM
 Subject: Re: [undertow-dev] invalidate session
   
I have pushed a potential solution into the 1.1.x branch.

Stuart



----- Original Message -----
> From: "Kovacs Lajos" <y_lalo at yahoo.com>
> To: undertow-dev at lists.jboss.org
> Sent: Tuesday, 6 January, 2015 3:11:55 AM
> Subject: [undertow-dev] invalidate session
> 
> Hi developers!
> I recently changed to WildFly so to undertow too. Unfortunately I got an
> issue and I hope this dev list is the right place to questions regarding
> undertow.
> The issue occurs when there are two sessions and I want to invalidate from
> one session A the another one B. The session B is invalidated but
> unfortunately a new request from session A will create a new session C and
> Session A will remain in the memory.
> Digging a little bit in the source code, I found that when the session B is
> invalidated, HttpSessionImpl.invalidate() function is called, where the
> 'exchange' object is got and passed to the session.invalidate:
> 
> ServletRequestContext current =
> SecurityActions.currentServletRequestContext();
> if (current == null) {
> session.invalidate(null);
> } else {
> session.invalidate(current.getOriginalRequest().getExchange());
> }
> 
> Then the session B instance InMemorySessionManager.invalidate () line 415 the
> following is called:
> if (exchange != null) {
> sessionCookieConfig.clearSession(exchange, this.getId());
> }
> 
> where the old session's (Session B) id what was removed, destroyed is placed
> as cookie with expired date onto the exchange (the response)
> Cookie cookie = new CookieImpl (cookieName, sessionId)
> ...
> exchange . setResponseCookie(cookie);
> 
> So the next request will not contain the right cookie so the session will not
> be found and a new session will be created
> (ServletContextImpl.getSession()). That's the main cause what I see.
> 
> I checked issue UNDERTOW-261 what is sounds very similar, but this is not the
> case because the session remains active in the memory but a new one still
> created.
> 
> Used undertow 1.1.x branch for sources, as WildFly 8.2.0 with undertow
> 1.1.0.Final.
> I’m doing something wrong or it is a bug? Any feedback is appreciated. Thanks
> in advance!
> 
> Best Regards,
> lalo
> 
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20150106/ff17ffe0/attachment-0001.html

More information about the undertow-dev mailing list