Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-21530

Web Session lock skipped by CachedSessionManager's concurrent CacheStrategy

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Critical Critical
    • None
    • 39.0.1.Final
    • Clustering
    • None
    • Hide
      1. Deploy attached session.war on an HA config and generate a session.
      2. Send concurrent requests for a single session, for instance:
      $ ab -c 10 -n 200 -C JSESSIONID=<session_id> http://localhost:8080/session/session.jsp
      1. Note requests can be processed in parallel and the app will notify of a concurrent modification resulting in an unexpected value:
      14:23:41,634 INFO  [stdout] (default task-8) ERROR! expected 13 but was instead 14
      Show
      Deploy attached session.war on an HA config and generate a session. Send concurrent requests for a single session, for instance: $ ab -c 10 -n 200 -C JSESSIONID=<session_id> http: //localhost:8080/session/session.jsp Note requests can be processed in parallel and the app will notify of a concurrent modification resulting in an unexpected value: 14:23:41,634 INFO  [stdout] ( default task-8) ERROR! expected 13 but was instead 14
    • ---
    • ---

      With the refactoring in WildFly Clustering and its ConcurrentSessionManager, the concurrent CacheStrategy it employs will skip attempts to lock the session if it is fetched from the references map.  The lock would typically be grabbed by this factory.apply call, but this is only reached if result from the references map was originally null.

      This causes a significant change in behavior for prior configs like below where the session was previously locked for every request, preventing concurrent access and modifications to the session:

                      <distributed-cache name="dist">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <expiration interval="0"/>
                    <file-store passivation="true" purge="true"/>
                </distributed-cache>

      Now that the lock can be skipped, concurrent session modifications are no longer prevented and bad session states can be seen across concurrent requests.

        1. session.war
          0.9 kB
          Aaron Ogburn

              pferraro@redhat.com Paul Ferraro
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: