- Bug
- Resolution: Done
- Major
- 2.2.5.Final
- None
UNDERTOW-175 made it possible for a session ID being passed in to be used for session creation; however, if multiple requests come in at once with the same "new" session ID, the following error can be reported:
2021-03-23 15:02:03,309 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /hello-world-jsf-3/session: java.lang.IllegalStateException: UT000196: Session with id dLA4P9OPnFMMe3Q2uIJqtr74o2J2jY0rkISdMJ7l already exists
    at io.undertow.core@2.2.5.Final//io.undertow.server.session.InMemorySessionManager.createSession(InMemorySessionManager.java:180)
    at io.undertow.servlet@2.2.5.Final//io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:948)
    at io.undertow.servlet@2.2.5.Final//io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:421)
    at org.wildfly.security.elytron-web.undertow-server-servlet@1.9.0.Final//org.wildfly.elytron.web.undertow.server.servlet.ElytronHttpServletExchange$3.create(ElytronHttpServletExchange.java:259)
    at org.wildfly.security.elytron-private@1.15.1.Final//org.wildfly.security.http.util.sso.DefaultSingleSignOnSession.put(DefaultSingleSignOnSession.java:98)
This is just a call to getSession(true), but if this is called by two threads at the same time, it is possible both threads will call InMemorySessionManager.createSession, with one getting the above error.
This can be easily triggered by a single web page requesting multiple resources concurrently.
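
The check-then-create race described above, as an added example: a simplified Java model, not Undertow's code and not the fix shipped for this issue. The class, method names and session ID are hypothetical, and a CyclicBarrier is used only to make the interleaving deterministic.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Simplified model, not Undertow code; all names here are hypothetical.
public class SessionRaceDemo {
    static final ConcurrentMap<String, Object> sessions = new ConcurrentHashMap<>();

    // As in the report: creating an ID that already exists is an error.
    static Object createSession(String id) {
        Object s = new Object();
        if (sessions.putIfAbsent(id, s) != null)
            throw new IllegalStateException("Session with id " + id + " already exists");
        return s;
    }

    // Racy getSession(true): lookup and create are two separate steps.
    static Object getOrCreateRacy(String id, CyclicBarrier afterLookup) throws Exception {
        Object existing = sessions.get(id);
        afterLookup.await(); // hold both threads here so both have seen "no session"
        return existing != null ? existing : createSession(id);
    }

    // Atomic variant: the map does lookup and creation as one operation.
    static Object getOrCreateAtomic(String id) {
        return sessions.computeIfAbsent(id, k -> new Object());
    }

    // Runs two concurrent requests for the same new ID; returns how many failed.
    static int failures(boolean racy) throws Exception {
        sessions.clear();
        String id = "constructed-client-supplied-id"; // constructed sample value
        CyclicBarrier barrier = new CyclicBarrier(2);
        AtomicInteger failed = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (int i = 0; i < 2; i++) {
            pool.submit(() -> {
                try {
                    if (racy) getOrCreateRacy(id, barrier); else getOrCreateAtomic(id);
                } catch (IllegalStateException e) {
                    failed.incrementAndGet(); // the "already exists" error
                } catch (Exception e) { throw new RuntimeException(e); }
            });
        }
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        return failed.get();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("racy: " + failures(true) + " failed, atomic: " + failures(false) + " failed");
    }
}
```
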
- is caused by
  - UNDERTOW-1677 WFLYCLWEBUT0002 error occurs in first cross-context request creating a shared session (Resolved)
- is cloned by
  - JBEAP-22176 [GSS](7.4.z) UNDERTOW-1869 - InMemorySessionManager Session Creation Not Thread Safe (Closed)
  - JBEAP-22177 [GSS](7.3.z) UNDERTOW-1869 - InMemorySessionManager Session Creation Not Thread Safe (Closed)
- is duplicated by
  - UNDERTOW-1790 UT000010: Session is invalid due to concurrent calls changeSessionId() calls on same session (Resolved)
- is incorporated by
  - WFCORE-5598 Upgrade Undertow to 2.2.12.Final (Closed)
- is related to
  - UNDERTOW-1972 InMemorySessionManager can mistake PLACE_HOLDER_SESSION with a real session (Resolved)
  - UNDERTOW-1971 Change in handling of concurrent session creation with id reuse (Closed)