Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-2483

WELD o.j.w.e.IllegalStateException after saved session does not auto-recover

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • Unscheduled
    • None
    • None
    • None
    • Hide

      1) Start standalone AS with persistent session cookie over restart enabled.
      2) Run webapp, that generates session cookie, that ends up using WELD Bean Identifier Index optimization.
      3) Shutdown AS gracefully.
      4) Modify application so the next deployment changes the BeanIdentifierIndex
      5) Start WildFly
      6) Access a URL that uses HttpSession (using the old cookie ID) and observe the o.j.e.IllegalStateException in the WildFly log.
      7) I am claiming this condition should recover automatically, but it does not.

      Show
      1) Start standalone AS with persistent session cookie over restart enabled. 2) Run webapp, that generates session cookie, that ends up using WELD Bean Identifier Index optimization. 3) Shutdown AS gracefully. 4) Modify application so the next deployment changes the BeanIdentifierIndex 5) Start WildFly 6) Access a URL that uses HttpSession (using the old cookie ID) and observe the o.j.e.IllegalStateException in the WildFly log. 7) I am claiming this condition should recover automatically, but it does not.
    • Workaround Exists
    • Hide

      It’s recommended to disable this optimization during the development phase, i.e. when apps change between redeploys.

      See also Weld configuration and Bean identifier index optimization.

      Show
      It’s recommended to disable this optimization during the development phase, i.e. when apps change between redeploys. See also Weld configuration and Bean identifier index optimization .

    Description

      When modifying the WELD bean profile between starting/stopping WildFly with persistent session cookies over restart enabled.

      It is possible to get an unrecoverable o.j.w.e.IllegalStateException.

      What I mean by this is that if the AS knows the HTTP session cookie is a valid ID, but is unable to recover it from the persistence serialization over a restart (due to a change in the WELD BeanIdentifer instances changing to allow the optimization to work in this area). What the AS should do is simply log the problem and invalidate the session cookie completely. All this should happen in a transparent way to the WebApp, so it gets a null return or a brand new HttpSession.

      This will automatically allow the HTTP client to recover, by forcing the application to generate a new HTTP session as necessary / or force logout, etc..

      This is unrecoverable since the exception seems to be thrown at a level before it hits any WebApp application code. So it doesn't seem possible for the WebApp developer to correct the problem from the exception. Which makes sense since you need a HttpSession object to invoke #invalidate() on and it is recovering that that is.

      Everytime the user refreshes all they get is the error and a HTTP/500 Internal Server Error and the user has to either delete their cookie, or the WildFly admin shutdown and remove any persistent session cookie data.

      Attachments

        Activity

          People

            Unassigned Unassigned
            darryl.miles@dlmc.co.uk Darryl Miles (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: