Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-14477

Concurrent Spring session access results in lost session attributes

XMLWordPrintable

    • Hide
      1. A HTTP request fetches the session. The processing of this request is slow, so other requests for the same session may occur concurrently (e.g. multiple AJAX calls from the browser).
      2. A second HTTP request fetches the session while the first request is still executing. This request results in a new attribute being set on the session. The request processing completes, and the updated session is written to the Infinispan cache.
      3. The first request finishes processing and its session is written to the Infinispan cache. This overwrites the session and the new session attribute added by the second request is lost.
      Show
      A HTTP request fetches the session. The processing of this request is slow, so other requests for the same session may occur concurrently (e.g. multiple AJAX calls from the browser). A second HTTP request fetches the session while the first request is still executing. This request results in a new attribute being set on the session. The request processing completes, and the updated session is written to the Infinispan cache. The first request finishes processing and its session is written to the Infinispan cache. This overwrites the session and the new session attribute added by the second request is lost.

      Infinispan's Spring integration provides a Spring Session integration using Infinispan's Cache as the backend storage. However, concurrent requests for the same session lead to lost session attributes (see steps to reproduce).

      A similar issue has been reported against the MapSessionRepository in Spring Session: https://github.com/spring-projects/spring-session/issues/1849. As noted on that issue, other built-in Spring Session backends do not have the same issue because they track changes made to the session rather than overwriting the whole session. See HazelcastIndexedSessionRepository for an example implementation.

      Infinispan's Spring Session implementation should be updated to track changes to the session rather than overwriting the whole session.

              karestig@redhat.com Katia Aresti
              nclement1 Nathan Clement (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: