Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1790

UT000010: Session is invalid due to concurrent calls changeSessionId() calls on same session

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • 2.3.0.Alpha1, 2.2.19.Final
    • 2.0.21.Final
    • Core
    • None
    • Hide

      We use a vanilla Wildfly 17.0.1.Final release in standalone mode.
      Have a servlet that changes the http session ID via HttpServletRequest.changeSessionId() and fire multiple concurrent requests against the server using an stateful cookie manager.
      See attached InMemorySessionTestCase.java for a unit test.

      Show
      We use a vanilla Wildfly 17.0.1.Final release in standalone mode. Have a servlet that changes the http session ID via HttpServletRequest.changeSessionId() and fire multiple concurrent requests against the server using an stateful cookie manager. See attached  InMemorySessionTestCase.java  for a unit test.
    • Workaround Exists
    • Hide

      don't call changeSessionId concurrently

      Show
      don't call changeSessionId concurrently
    • Undefined

      We discovered that InMemorySessionManager.SessionImpl.changeSessionId(HttpServerExchange, SessionConfig) is not thread safe.

       

       

        1. InMemorySessionTestCase.java
          11 kB

              rhn-cservice-bbaranow Bartosz Baranowski
              pressenna Pressenna Sockalingasamy (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: