[jboss-jira] [JBoss JIRA] (WFLY-7229) WFLYCLWEBUT0001 for server-side invalidated sessions

Michał Nowakowski (JIRA) issues at jboss.org
Thu Sep 29 08:52:00 EDT 2016 

    [ https://issues.jboss.org/browse/WFLY-7229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13300304#comment-13300304 ] 

Michał Nowakowski edited comment on WFLY-7229 at 9/29/16 8:51 AM:
------------------------------------------------------------------

Clustering? Could be, sure.

Race? Well, this is just a demo. The problem is, we need server-side session invalidation to work. It works in 10.0, and even in 10.1 if clustering is off. Some SSO solutions rely on this, like Apereo CAS (formerly Jasig CAS) when configured to use back-channel - which is our case.


was (Author: micnowak1):
Clustering? Could be, sure.

Race? Well, this is just a demo. The problem is, we need server-side session invalidation to work. It works in 10.0, and even in 10.1 if clustering (?) is off. Some SSO solutions rely on this, like Apereo CAS (formerly Jasig CAS) when configured to use back-channel - which is our case.

> WFLYCLWEBUT0001 for server-side invalidated sessions
> ----------------------------------------------------
>
>                 Key: WFLY-7229
>                 URL: https://issues.jboss.org/browse/WFLY-7229
>             Project: WildFly
>          Issue Type: Bug
>          Components: Clustering, Web (Undertow)
>    Affects Versions: 10.1.0.Final
>         Environment: Happens whenever <distributable/> is used in web.xml, both in standalone and domain modes.
>            Reporter: Michał Nowakowski
>            Assignee: Paul Ferraro
>         Attachments: stacktrace_01.txt, stacktrace_02.txt, stacktrace_03.txt, testPortlet.tar.gz
>
>
> Attached is a simple webapp (pardon the name) with a single servlet "/main", that does the following:
> - a session is assigned (or created, if none existed before)
> - its details are printed and the browser is told to refresh after 20 seconds
> - before the browser refreshes, the session is invalidated server-side by separate thread.
> Expected behaviour is, that WF should give the user a new session. That's indeed how it works in standalone mode and without <distributable/> in web.xml. But in domain mode, OR with <distributable/> added (and, possibly, full-ha profile chosen), I get errors:
> - The first stacktrace happens when the thread invalidates the session.
> - The second stacktrace happens, when the browser refreshes. The user sees "Error 500".
> - Then, after a minute or so, I get the last one. It then repeats periodically.
> We can't upgrade from 10.0 because of this - and we know we need an upgrade because of fixes in Infinispan.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list