Hi
developers!
I recently changed to WildFly so to undertow
too. Unfortunately I got an issue and I hope
this dev list is the right place to questions regarding undertow.
The issue occurs when there are two sessions
and I want to invalidate from one session A the another
one B. The session B is invalidated but unfortunately a new request from
session A will create a new session C and Session A will remain in the memory.
Digging a
little bit in the source code, I found that when the session B is invalidated, HttpSessionImpl.invalidate()
function is called, where the 'exchange' object is got and passed to the
session.invalidate:
ServletRequestContext
current = SecurityActions.currentServletRequestContext();
if (current == null) {
session.invalidate(null);
} else {
session.invalidate(current.getOriginalRequest().getExchange());
}
Then the session B instance InMemorySessionManager.invalidate () line 415 the following is called:
if
(exchange != null) {
sessionCookieConfig.clearSession(exchange, this.getId());
}
where the
old session's (Session B) id what was removed, destroyed is placed as cookie with expired date onto the exchange
(the response)
Cookie cookie = new CookieImpl(cookieName, sessionId)
...
exchange.setResponseCookie(cookie);
So the next
request will not contain the right cookie so the session will not be found and
a new session will be created (ServletContextImpl.getSession()). That's the main cause what I see.
I checked
issue UNDERTOW-261 what is sounds very similar, but this is not the case
because the session remains active in the memory but a new one still created.
Used
undertow 1.1.x branch for sources, as WildFly 8.2.0 with undertow 1.1.0.Final.
I’m doing
something wrong or it is a bug? Any feedback is appreciated. Thanks in advance!
Best Regards,
lalo