Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1419

bumpTimeout method usage in InMemorySessionManager

    XMLWordPrintable

Description

    Possible bug as mentioned in https://developer.jboss.org/thread/278634. As mentioned in the thread, use of bumpTimeout may cause a session that may never expire.

    From jstourac@redhat.com:

    The list of methods where 'bumpTimeout' is actually used in InMemorySessionManager to following: createSession(), setMaxInactiveInterval(), getAttribute(), getAttributeNames(), setAttribute(), removeAttribute(). From this list usage in following methods is suspicious: getAttribute(), getAttributeNames(), setAttribute(), removeAttribute().

    All occurrences were added by this commit with initial session timeout implementation.

    The truth is the Servlet 4.0, section 7.5 specification (Servlet 3.1 is almost identical) specifies that timeout depends on user activity only:

    "This means that the only mechanism that can be used to indicate when a client is no longer active is a time out period."

    Response from stuartdouglas_jira from mail:

    We could probably change that to just update the timeout in requestDone().

    Attachments

      Issue Links

        causes

        Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-1827 InMemorySessionManager must bump session timeout on requestStarted

        • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
        • Resolved

        Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-1789 Bring back bumpTimeout in setMaxInactiveInterval of HttpSession

        • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
        • Resolved
        is cloned by

        Bug - A problem that impairs or prevents the functions of the product. WFLY-11115 bumpTimeout method usage in InMemorySessionManager

        • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
        • Open
        is incorporated by

        Bug - A problem that impairs or prevents the functions of the product. JBEAP-19474 [GSS](7.3.z) UNDERTOW-1419 - bumpTimeout method usage in InMemorySessionManager

        • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
        • Verified

        Bug - A problem that impairs or prevents the functions of the product. JBEAP-19475 [GSS](7.2.z) UNDERTOW-1419 - bumpTimeout method usage in InMemorySessionManager

        • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
        • Verified

        Activity

          People

            flaviarnn Flavia Rainone
            akrajcik@redhat.com Adam Krajcik
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: