[undertow-dev] invalidate session
Kovacs Lajos
y_lalo at yahoo.com
Tue Jan 6 09:46:27 EST 2015
Hi!
I tested with the latest version from the branch and it is working correctly now. :) Thank you a lot!
Best Regards, Lalo
From: Stuart Douglas <sdouglas at redhat.com>
To: Kovacs Lajos <y_lalo at yahoo.com>
Cc: undertow-dev at lists.jboss.org
Sent: Tuesday, January 6, 2015 3:15 AM
Subject: Re: [undertow-dev] invalidate session
I have pushed a potential solution into the 1.1.x branch.
Stuart
----- Original Message -----
> From: "Kovacs Lajos" <y_lalo at yahoo.com>
> To: undertow-dev at lists.jboss.org
> Sent: Tuesday, 6 January, 2015 3:11:55 AM
> Subject: [undertow-dev] invalidate session
>
> Hi developers!
> I recently changed to WildFly so to undertow too. Unfortunately I got an
> issue and I hope this dev list is the right place to questions regarding
> undertow.
> The issue occurs when there are two sessions and I want to invalidate from
> one session A the another one B. The session B is invalidated but
> unfortunately a new request from session A will create a new session C and
> Session A will remain in the memory.
> Digging a little bit in the source code, I found that when the session B is
> invalidated, HttpSessionImpl.invalidate() function is called, where the
> 'exchange' object is got and passed to the session.invalidate:
>
> ServletRequestContext current =
> SecurityActions.currentServletRequestContext();
> if (current == null) {
> session.invalidate(null);
> } else {
> session.invalidate(current.getOriginalRequest().getExchange());
> }
>
> Then the session B instance InMemorySessionManager.invalidate () line 415 the
> following is called:
> if (exchange != null) {
> sessionCookieConfig.clearSession(exchange, this.getId());
> }
>
> where the old session's (Session B) id what was removed, destroyed is placed
> as cookie with expired date onto the exchange (the response)
> Cookie cookie = new CookieImpl (cookieName, sessionId)
> ...
> exchange . setResponseCookie(cookie);
>
> So the next request will not contain the right cookie so the session will not
> be found and a new session will be created
> (ServletContextImpl.getSession()). That's the main cause what I see.
>
> I checked issue UNDERTOW-261 what is sounds very similar, but this is not the
> case because the session remains active in the memory but a new one still
> created.
>
> Used undertow 1.1.x branch for sources, as WildFly 8.2.0 with undertow
> 1.1.0.Final.
> I’m doing something wrong or it is a bug? Any feedback is appreciated. Thanks
> in advance!
>
> Best Regards,
> lalo
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20150106/ff17ffe0/attachment-0001.html
More information about the undertow-dev
mailing list