[jboss-jira] [JBoss JIRA] (WFLY-7651) Session invalidation not reflected when coming from another concurrent request

Guillermo González de Agüero (JIRA) issues at jboss.org
Wed Nov 23 08:35:00 EST 2016 

    [ https://issues.jboss.org/browse/WFLY-7651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13327105#comment-13327105 ] 

Guillermo González de Agüero commented on WFLY-7651:
----------------------------------------------------

The workaround I found is to create an HttpServletRequestWrapper fixing the session validation checks:


{code:java}
public class WFLY7651RequestWrapper extends HttpServletRequestWrapper {

    private final HttpServletRequest request;

    public WFLY7651RequestWrapper(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    @Override
    public boolean isRequestedSessionIdValid() {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }

        try {
            session.getAttribute("xxx");
            return true;
        } catch (IllegalStateException e) {
            return false;
        }
    }

    @Override
    public HttpSession getSession(boolean create) {
        HttpSession session = super.getSession(create);
        return isRequestedSessionIdValid() ? session : null;
    }

}
{code}


{code:java}
@WebFilter("/*")
public class WFLY7651Filter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        ServletRequest wrappedRequest = request;
        if (request instanceof HttpServletRequest) {
            wrappedRequest = new WFLY7651RequestWrapper((HttpServletRequest) request);
        }
        chain.doFilter(wrappedRequest, response);
    }

    @Override
    public void destroy() {
    }

}

{code}


> Session invalidation not reflected when coming from another concurrent request
> ------------------------------------------------------------------------------
>
>                 Key: WFLY-7651
>                 URL: https://issues.jboss.org/browse/WFLY-7651
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 10.1.0.Final
>            Reporter: Guillermo González de Agüero
>            Assignee: Stuart Douglas
>         Attachments: session-invalidation-1.0-SNAPSHOT.war, session-invalidation-src.zip
>
>
> When a request is being processed, and another concurrent request invalidates the session, invalidation is not reflected in the first request, i.e.: calling HttpServletRequest#isRequestedSessionIdValid() returns true. But trying to get any request attribute shows that the request is effectively destroyed. The same happens when the session expires after initiating the request.
> Related to WFLY-7568 and probably also to WFLY-6744



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list