-
Bug
-
Resolution: Done
-
Major
-
7.3.8.GA
-
None
UNDERTOW-175 made it possible for a session ID being passed in to be used for session creation, however if multiple requests come in at once with the same "new" session ID the following error can be reported:
2021-03-23 15:02:03,309 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /hello-world-jsf-3/session: java.lang.IllegalStateException: UT000196: Session with id dLA4P9OPnFMMe3Q2uIJqtr74o2J2jY0rkISdMJ7l already exists2021-03-23 15:02:03,309 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /hello-world-jsf-3/session: java.lang.IllegalStateException: UT000196: Session with id dLA4P9OPnFMMe3Q2uIJqtr74o2J2jY0rkISdMJ7l already exists at io.undertow.core@2.2.5.Final//io.undertow.server.session.InMemorySessionManager.createSession(InMemorySessionManager.java:180) at io.undertow.servlet@2.2.5.Final//io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:948) at io.undertow.servlet@2.2.5.Final//io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:421) at org.wildfly.security.elytron-web.undertow-server-servlet@1.9.0.Final//org.wildfly.elytron.web.undertow.server.servlet.ElytronHttpServletExchange.create(ElytronHttpServletExchange.java:259) at org.wildfly.security.elytron-private@1.15.1.Final//org.wildfly.security.http.util.sso.DefaultSingleSignOnSession.put(DefaultSingleSignOnSession.java:98)
This is just a call to getSession(true) but if this is called by two threads at the same time it is possible both threads will call InMemorySessionManager.createSession with one getting the above error.
This can be easily triggered by a single web page concurrently requesting multiple resources concurrently.
- clones
-
UNDERTOW-1869 InMemorySessionManager Session Creation Not Thread Safe
- Resolved
- is caused by
-
UNDERTOW-1677 WFLYCLWEBUT0002 error occurs in first cross-context request creating a shared session
- Resolved
-
JBEAP-18890 [GSS](7.2.z) WFLYCLWEBUT0002 error occurs in first cross-context request creating a shared session
- Closed
- relates to
-
JBEAP-22176 [GSS](7.4.z) UNDERTOW-1869 - InMemorySessionManager Session Creation Not Thread Safe
- Closed