Details
-
Bug
-
Resolution: Can't Do
-
Critical
-
None
-
2.1.0.Final
-
None
Description
When handling large number of websocket requests, we discovered HttpSession crossover, i.e., more than 1 websocket connections may share the same HttpSession id. This issue is related to UNDERTOW-1733.
We overwrite modfiyHandshake, in order to save HttpSession into SeverEndpointConfig (and hence Undertow Session).
public class MyWebsocketConfigurator extends ServerEndpointConfig.Configurator implements Filter { @Override public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) { HttpSession httpSession = (HttpSession) request.getHttpSession(); config.getUserProperties().put("http.session", httpSession); System.out.println("http session id=" + httpSession.getId(); } }
Then, in websocket onOpen()
@ServerEndpoint(value = "/websocket/v0/{mac}", configurator = MyWebsocketConfigurator.class) public class MyWebSocketEndpoint { @OnOpen public void onOpen(Session session, EndpointConfig config, final @PathParam("mac") String mac) { HttpSession httpSession = ((HttpSession)session.getUserProperties().get("http.session")); System.out.println("http session id = " + httpSession.getId(); } }
This is running fine for request under lower traffic. Once traffic picks up (perf testing), we start seeing different session id for above 2 println statements.
Is this a bug on session management? Your advice is highly appreciated!
