Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1971

Change in handling of concurrent session creation with id reuse

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 2.3.0.Final, 2.2.21.Final
    • 2.5.0.Final
    • Servlet
    • None

      With UNDERTOW-1677 we are throwing IllegalStateException when an attempt to reuse the session id is done. We should allow this, specially making it consistent with the way Tomcat handles session id creation/reuse, and making Undertow backwards compatible with JBoss Web as well.

      A common case for this is when there are multiple requests to the same server using the same session id. The expected behavior is that the first one to hit the InMemorySessionManager will create the session, the others will just reuse this. A particular scenario involving this Jira is when multiple requests hit the ServletContext session creation code all at the same time, we will race to see who gets to the create the session, currently we are seeing IllegalStateException such as the following when this happens:

      18:20:29,750 ERROR [io.undertow.request] (default task-4) UT005023: Exception handling request to /helloworld2/hi3.jsp: javax.servlet.ServletException: java.lang.IllegalStateException: UT000196: Session with id mrqj0cpQKeZnuCeA-p5gUBTRND2ZIXfIvFxvkqZ- already exists
      	at org.apache.jsp.hi3_jsp._jspService(hi3_jsp.java:112)
      	at io.undertow.jsp@2.0.9.Final//org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      	at javax.servlet.api@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
      	at io.undertow.jsp@2.0.9.Final//org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
      	at io.undertow.jsp@2.0.9.Final//org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403)
      	at io.undertow.jsp@2.0.9.Final//org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347)
      	at javax.servlet.api@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.jsp@2.0.9.Final//io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.security.elytron-web.undertow-server@1.9.1.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
      	at org.wildfly.security.elytron-base@1.17.0.Final//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
      	at org.wildfly.security.elytron-base@1.17.0.Final//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
      	at org.wildfly.security.elytron-base@1.17.0.Final//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
      	at org.wildfly.security.elytron-web.undertow-server@1.9.1.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at org.wildfly.security.elytron-web.undertow-server-servlet@1.9.1.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow@25.0.0.Final-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow@25.0.0.Final-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:280)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow@25.0.0.Final-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
      	at org.wildfly.extension.undertow@25.0.0.Final-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
      	at org.wildfly.extension.undertow@25.0.0.Final-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
      	at org.wildfly.extension.undertow@25.0.0.Final-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:260)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
      	at io.undertow.servlet@2.2.10.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
      	at io.undertow.core@2.2.9.Final-SNAPSHOT//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      	at org.jboss.xnio@3.8.4.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
      	at java.base/java.lang.Thread.run(Thread.java:834)
      

              flaviarnn Flavia Rainone
              flaviarnn Flavia Rainone
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: