Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.2.CR1, 7.4.2.GA
Affects Version/s: 7.4.0.GA
Component/s: Undertow
Labels:
None

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
?
Release Note Text:
Undefined
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/undertow-io/undertow/pull/1174
Steps to Reproduce:
Hide

package reproducer;

import io.undertow.Undertow;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.session.InMemorySessionManager;
import io.undertow.server.session.Session;
import io.undertow.server.session.SessionAttachmentHandler;
import io.undertow.server.session.SessionConfig;
import io.undertow.server.session.SessionCookieConfig;
import io.undertow.server.session.SessionManager;
import io.undertow.util.Headers;

public class Reproducer {
public static void main(final String[] args) {

SessionManager sessionManager = new InMemorySessionManager(
"SESSION_MANAGER");
SessionCookieConfig sessionConfig = new SessionCookieConfig();
/*

Use the sessionAttachmentHandler to add the sessionManager and

sessionCofing to the exchange of every request
*/
SessionAttachmentHandler sessionAttachmentHandler = new SessionAttachmentHandler(
sessionManager, sessionConfig);
// set as next handler your root handler
sessionAttachmentHandler.setNext(new HttpHandler()
Unknown macro: { @Override public void handleRequest(final HttpServerExchange exchange) throws Exception
Unknown macro: { SessionManager sm = exchange .getAttachment(SessionManager.ATTACHMENT_KEY); SessionConfig sessionConfig = exchange .getAttachment(SessionConfig.ATTACHMENT_KEY); Session session = sm.getSession(exchange, sessionConfig); if (session == null) session = sm.createSession(exchange, sessionConfig); exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain"); exchange.getResponseSender().send("Hello World"); }
}

);
Undertow server = Undertow.builder()
.addHttpListener(8080, "localhost")
.setHandler(sessionAttachmentHandler).build();
server.start();
}
}

Create urls.txt with as many lines you like:
cat urls.txt
url = "http://localhost:8080"
url = "http://localhost:8080"
url = "http://localhost:8080"
url = "http://localhost:8080"
url = "http://localhost:8080"
url = "http://localhost:8080"
url = "http://localhost:8080"

3. INvoke( change ID on every call)
curl -X GET -b 'JSESSIONID=xxxxxx3' --verbose --parallel --parallel-immediate --parallel-max 5 --config urls.txt

possibly bump up max. Though its hard to reproduce.

possibly:

#!/bin/bash set -x for i in {0..200..1} do salt="$RANDOM" curl -b \'JSESSIONID=xx"$salt"xx\' --verbose --parallel --parallel-immediate --parallel-max 15 --config urls.txt done
Show
package reproducer; import io.undertow.Undertow; import io.undertow.server.HttpHandler; import io.undertow.server.HttpServerExchange; import io.undertow.server.session.InMemorySessionManager; import io.undertow.server.session.Session; import io.undertow.server.session.SessionAttachmentHandler; import io.undertow.server.session.SessionConfig; import io.undertow.server.session.SessionCookieConfig; import io.undertow.server.session.SessionManager; import io.undertow.util.Headers; public class Reproducer { public static void main(final String[] args) { SessionManager sessionManager = new InMemorySessionManager( "SESSION_MANAGER"); SessionCookieConfig sessionConfig = new SessionCookieConfig(); /* Use the sessionAttachmentHandler to add the sessionManager and sessionCofing to the exchange of every request */ SessionAttachmentHandler sessionAttachmentHandler = new SessionAttachmentHandler( sessionManager, sessionConfig); // set as next handler your root handler sessionAttachmentHandler.setNext(new HttpHandler() Unknown macro: { @Override public void handleRequest(final HttpServerExchange exchange) throws Exception Unknown macro: { SessionManager sm = exchange .getAttachment(SessionManager.ATTACHMENT_KEY); SessionConfig sessionConfig = exchange .getAttachment(SessionConfig.ATTACHMENT_KEY); Session session = sm.getSession(exchange, sessionConfig); if (session == null) session = sm.createSession(exchange, sessionConfig); exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain"); exchange.getResponseSender().send("Hello World"); } } ); Undertow server = Undertow.builder() .addHttpListener(8080, "localhost") .setHandler(sessionAttachmentHandler).build(); server.start(); } } Create urls.txt with as many lines you like: cat urls.txt url = "http://localhost:8080" url = "http://localhost:8080" url = "http://localhost:8080" url = "http://localhost:8080" url = "http://localhost:8080" url = "http://localhost:8080" url = "http://localhost:8080" 3. INvoke( change ID on every call) curl -X GET -b 'JSESSIONID=xxxxxx3' --verbose --parallel --parallel-immediate --parallel-max 5 --config urls.txt possibly bump up max. Though its hard to reproduce. possibly: #!/bin/bash set -x for i in {0..200..1} do salt="$RANDOM" curl -b \'JSESSIONID=xx"$salt"xx\' --verbose --parallel --parallel-immediate --parallel-max 15 --config urls.txt done
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

~~UNDERTOW-175~~ made it possible for a session ID being passed in to be used for session creation, however if multiple requests come in at once with the same "new" session ID the following error can be reported:

2021-03-23 15:02:03,309 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /hello-world-jsf-3/session: java.lang.IllegalStateException: UT000196: Session with id dLA4P9OPnFMMe3Q2uIJqtr74o2J2jY0rkISdMJ7l already exists2021-03-23 15:02:03,309 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /hello-world-jsf-3/session: java.lang.IllegalStateException: UT000196: Session with id dLA4P9OPnFMMe3Q2uIJqtr74o2J2jY0rkISdMJ7l already exists at io.undertow.core@2.2.5.Final//io.undertow.server.session.InMemorySessionManager.createSession(InMemorySessionManager.java:180) at io.undertow.servlet@2.2.5.Final//io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:948) at io.undertow.servlet@2.2.5.Final//io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:421) at org.wildfly.security.elytron-web.undertow-server-servlet@1.9.0.Final//org.wildfly.elytron.web.undertow.server.servlet.ElytronHttpServletExchange.create(ElytronHttpServletExchange.java:259) at org.wildfly.security.elytron-private@1.15.1.Final//org.wildfly.security.http.util.sso.DefaultSingleSignOnSession.put(DefaultSingleSignOnSession.java:98)

This is just a call to getSession(true) but if this is called by two threads at the same time it is possible both threads will call InMemorySessionManager.createSession with one getting the above error.

This can be easily triggered by a single web page concurrently requesting multiple resources concurrently.

clones

UNDERTOW-1869 InMemorySessionManager Session Creation Not Thread Safe

Resolved

is caused by

UNDERTOW-1677 WFLYCLWEBUT0002 error occurs in first cross-context request creating a shared session

Resolved

JBEAP-18890 [GSS](7.2.z) WFLYCLWEBUT0002 error occurs in first cross-context request creating a shared session

Closed

is incorporated by

JBEAP-22504 (7.4.z) Upgrade undertow from 2.2.9.SP1-redhat-00001 to 2.2.12.Final-redhat-00001

Closed

is related to

JBEAP-22511 (7.4.z) UNDERTOW-1972 - InMemorySessionManager can mistake PLACE_HOLDER_SESSION with a real session

Closed

JBEAP-22177 [GSS](7.3.z) UNDERTOW-1869 - InMemorySessionManager Session Creation Not Thread Safe

Closed

(1 is related to)

Assignee:: Bartosz Baranowski

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2021/07/02 2:24 PM

Updated:: 2024/10/01 8:01 PM

Resolved:: 2021/09/29 2:01 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates