Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1790

UT000010: Session is invalid due to concurrent calls changeSessionId() calls on same session

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • 2.3.0.Alpha1, 2.2.19.Final
    • 2.0.21.Final
    • Core
    • None
    • Hide

      We use a vanilla Wildfly 17.0.1.Final release in standalone mode.
      Have a servlet that changes the http session ID via HttpServletRequest.changeSessionId() and fire multiple concurrent requests against the server using an stateful cookie manager.
      See attached InMemorySessionTestCase.java for a unit test.

      Show
      We use a vanilla Wildfly 17.0.1.Final release in standalone mode. Have a servlet that changes the http session ID via HttpServletRequest.changeSessionId() and fire multiple concurrent requests against the server using an stateful cookie manager. See attached  InMemorySessionTestCase.java  for a unit test.
    • Workaround Exists
    • Hide

      don't call changeSessionId concurrently

      Show
      don't call changeSessionId concurrently
    • Undefined

    Description

      We discovered that InMemorySessionManager.SessionImpl.changeSessionId(HttpServerExchange, SessionConfig) is not thread safe.

       

       

      Attachments

        Issue Links

          duplicates

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-1869 InMemorySessionManager Session Creation Not Thread Safe

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is related to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-2147 race condition between session invalidate and changeSessionId leads to UT000010

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-1900 InMemorySessionManager#SessionImpl.changeSessionId does not check if session exist before replacing

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-cservice-bbaranow Bartosz Baranowski
              pressenna Pressenna Sockalingasamy (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: