WildFly / WFLY-6543

Multiple Sessions are created over SSL Session Tracking


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • None
    • 10.0.0.Final
    • Web (Undertow)

      1. Enable SSL.
      2. Deploy the attachment "SessionTrackingSsl.war".
      3. Access the resource through the browser.
      4. The Session Ids will be logged to the configured root logger.

      Sometimes the session ids are consistent. In such cases, clearing the browser data and reloading the resource will help reproduce the bug. Viewing the resource in InPrivate browsing will help too.


      When using SSL as the session tracking method, there are multiple sessions created for subsequent HTTP requests, some of which are reused.

      This is the log obtained by using a filter to track the HTTP Sessions:

      14:08:45,766 INFO  [com.test.SessionIdTrackFilter] (default task-17) Request URL : [/SessionTrackingSsl/], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-20) Request URL : [/SessionTrackingSsl/resources/css/font-awesome.min.css], Session Id : [uljMhXUsAK1BXXXmnmXzAD4EkFgFZn30I-wsFajD]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/jquery/jquery-1.12.3.min.js], Session Id : [SBZeTDPKSxLbgcwR_zCazx5heXwssOvrjSVI0sJV]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-18) Request URL : [/SessionTrackingSsl/resources/css/bootstrap.min.css], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      14:08:45,785 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/bootstrap.min.js], Session Id : [FETLRFRjQyjzktTUi29hTe3tqimJnGEgdpHZGu6e]
      14:08:45,787 INFO  [com.test.SessionIdTrackFilter] (default task-19) Request URL : [/SessionTrackingSsl/starter-template.css], Session Id : [eHGhpdreJJv8RKTmZul3hKXjORhAp8GIqJktTmgh]
      14:08:45,814 INFO  [com.test.SessionIdTrackFilter] (default task-26) Request URL : [/SessionTrackingSsl/resources/fonts/fontawesome-webfont.woff2], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      

      I have made the following changes to the standalone.xml to enable SSL:
      diff ../standalone/configuration/standalone.xml ../standalone/configuration/standalone_xml_history/standalone.initial.xml :

      1c1
      < <?xml version='1.0' encoding='UTF-8'?>
      ---
      > <?xml version="1.0" ?>
      4d3
      < 
      33,34d31
      < 
      < 
      47,51d43
      <                 <server-identities>
      <                     <ssl>
      <                         <keystore path="testks.keystore" relative-to="jboss.server.config.dir" keystore-password="Password" alias="testks" key-password="Password"/>
      <                     </ssl>
      <                 </server-identities>
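Review bot: the keystore element added at 47-51 carries keystore-password="Password" and key-password="Password" as cleartext literals in standalone.xml. Suggest supplying both through the vault or an expression resolved at startup instead of literal attribute values, and replacing the trivially guessable value before this configuration is reused outside a reproducer.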
      89d80
      < 
      188a180
      >                     <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
      206c198
      <             <remote connector-ref="https-remoting-connector" thread-pool-name="default"/>
      ---
      >             <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
      305c297
      <             <http-connector name="https-remoting-connector" connector-ref="default-https" security-realm="ApplicationRealm"/>
      ---
      >             <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
      360c352
      <                 <https-listener name="default-https" security-realm="ApplicationRealm" socket-binding="https"/>
      ---
      >                 <http-listener name="default" socket-binding="http" redirect-socket="https"/>
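Review bot: at 360 the https-listener replaces the http-listener named "default" instead of being added next to it, so the line carrying redirect-socket="https" is gone and no listener remains on the http socket-binding. If plain-HTTP clients should still reach the server and be redirected, keep the original http-listener line and add the https-listener as a second listener; if HTTP is meant to be disabled, a comment saying so would make the intent clear.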
      391d382
      < 
      400d390
      < 
      
      

      Apart from this, I have not made any changes to any of the configuration files. When the tracking method is set to COOKIE, the session ids are consistent.

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              pradeepsixer_jira Pradeep Kumar (Inactive)