[jboss-jira] [JBoss JIRA] (WFLY-7229) WFLYCLWEBUT0001 for server-side invalidated sessions

Michał Nowakowski (JIRA) issues at jboss.org
Fri Sep 30 03:32:01 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-7229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13300751#comment-13300751 ] 

Michał Nowakowski commented on WFLY-7229:
-----------------------------------------

@Paul: I'll try. We can disable server-side invalidation without losing security or functionality, but we're concerned about resources. Our interval has to be closer to 20 minutes than 20 seconds, and our sessions are not minute. Plus, no appserver we used before had any problem with this invalidation, nor with being given valid cookies to invalid sessions - these were Tomcat, JBossAS and older versions of WF. I guess the people who wrote the CAS client for Java were also unaware of any. Or... is handling an HttpSession in the context of a _foreign_ HttpRequest (that is, a request of a different session or with no session at all) still faithful to the spec?


> WFLYCLWEBUT0001 for server-side invalidated sessions
> ----------------------------------------------------
>
>                 Key: WFLY-7229
>                 URL: https://issues.jboss.org/browse/WFLY-7229
>             Project: WildFly
>          Issue Type: Bug
>          Components: Clustering, Web (Undertow)
>    Affects Versions: 10.1.0.Final
>         Environment: Happens whenever <distributable/> is used in web.xml, both in standalone and domain modes.
>            Reporter: Michał Nowakowski
>            Assignee: Paul Ferraro
>         Attachments: stacktrace_01.txt, stacktrace_02.txt, stacktrace_03.txt, testPortlet.tar.gz
>
>
> Attached is a simple webapp (pardon the name) with a single servlet "/main", that does the following:
> - a session is assigned (or created, if none existed before)
> - its details are printed and the browser is told to refresh after 20 seconds
> - before the browser refreshes, the session is invalidated server-side by a separate thread.
> The expected behaviour is that WF should give the user a new session. That's indeed how it works in standalone mode and without <distributable/> in web.xml. But in domain mode, OR with <distributable/> added (and, possibly, full-ha profile chosen), I get errors:
> - The first stacktrace happens when the thread invalidates the session.
> - The second stacktrace happens when the browser refreshes. The user sees "Error 500".
> - Then, after a minute or so, I get the last one. It then repeats periodically.
> We can't upgrade from 10.0 because of this - and we know we need an upgrade because of fixes in Infinispan.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)


