WildFly / WFLY-6543

Multiple Sessions are created over SSL Session Tracking

    Details

    • Steps to Reproduce:

      1. Enable SSL.
      2. Deploy the attachment "SessionTrackingSsl.war".
      3. Access the resource through the browser.
      4. The Session Ids will be logged to the configured root logger.

      Sometimes the session ids are consistent. In such cases, clearing the browser data and reloading the resource will help reproduce the bug. Also, viewing the resource in InPrivate browsing will help too.


      Description

      When using SSL as the session tracking method, there are multiple sessions created for subsequent HTTP requests, some of which are reused.

      This is the log obtained by using a filter to track the HTTP Sessions:

      14:08:45,766 INFO  [com.test.SessionIdTrackFilter] (default task-17) Request URL : [/SessionTrackingSsl/], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-20) Request URL : [/SessionTrackingSsl/resources/css/font-awesome.min.css], Session Id : [uljMhXUsAK1BXXXmnmXzAD4EkFgFZn30I-wsFajD]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/jquery/jquery-1.12.3.min.js], Session Id : [SBZeTDPKSxLbgcwR_zCazx5heXwssOvrjSVI0sJV]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-18) Request URL : [/SessionTrackingSsl/resources/css/bootstrap.min.css], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      14:08:45,785 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/bootstrap.min.js], Session Id : [FETLRFRjQyjzktTUi29hTe3tqimJnGEgdpHZGu6e]
      14:08:45,787 INFO  [com.test.SessionIdTrackFilter] (default task-19) Request URL : [/SessionTrackingSsl/starter-template.css], Session Id : [eHGhpdreJJv8RKTmZul3hKXjORhAp8GIqJktTmgh]
      14:08:45,814 INFO  [com.test.SessionIdTrackFilter] (default task-26) Request URL : [/SessionTrackingSsl/resources/fonts/fontawesome-webfont.woff2], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      

      I have made the following changes to the standalone.xml to enable SSL:
      diff ../standalone/configuration/standalone.xml ../standalone/configuration/standalone_xml_history/standalone.initial.xml :

      1c1
      < <?xml version='1.0' encoding='UTF-8'?>
      ---
      > <?xml version="1.0" ?>
      4d3
      < 
      33,34d31
      < 
      < 
      47,51d43
      <                 <server-identities>
      <                     <ssl>
      <                         <keystore path="testks.keystore" relative-to="jboss.server.config.dir" keystore-password="Password" alias="testks" key-password="Password"/>
      <                     </ssl>
      <                 </server-identities>
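      Review bot: In hunk 47,51d43 the keystore element carries keystore-password="Password" and key-password="Password" in clear text inside standalone.xml. That is tolerable for a throwaway reproducer, but the report should state that testks.keystore is a test-only keystore, and any configuration derived from this one should reference the passwords from a vault or credential store instead of keeping them inline.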
      89d80
      < 
      188a180
      >                     <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
      206c198
      <             <remote connector-ref="https-remoting-connector" thread-pool-name="default"/>
      ---
      >             <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
      305c297
      <             <http-connector name="https-remoting-connector" connector-ref="default-https" security-realm="ApplicationRealm"/>
      ---
      >             <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
      360c352
      <                 <https-listener name="default-https" security-realm="ApplicationRealm" socket-binding="https"/>
      ---
      >                 <http-listener name="default" socket-binding="http" redirect-socket="https"/>
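      Review bot: At 360c352 the http-listener name="default" line (with redirect-socket="https") is replaced by the https-listener instead of being kept beside it, and the report does not say this was intended; the remoting changes at 206c198 and 305c297 follow from it. Because the diff command lists standalone.xml first, the "<" lines are the modified file and the ">" lines the initial one, so the hunks read as if HTTPS were being removed. Please state the direction in the report or swap the two arguments.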
      391d382
      < 
      400d390
      < 
      
      

      Apart from this, I have not made any changes to any of the configuration files. When the tracking method is set to COOKIE, the session ids are consistent.
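An added example, not part of the original report and not the reporter's filter: a Python script that groups the SessionIdTrackFilter log lines shown above by session id, to make visible how many distinct sessions the single page load produced and which id was reused. The log lines are copied from the report; the function names are this example's own.

```python
import re
from collections import defaultdict

# Log lines copied verbatim from the report (output of the reporter's SessionIdTrackFilter).
LOG = """\
14:08:45,766 INFO  [com.test.SessionIdTrackFilter] (default task-17) Request URL : [/SessionTrackingSsl/], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-20) Request URL : [/SessionTrackingSsl/resources/css/font-awesome.min.css], Session Id : [uljMhXUsAK1BXXXmnmXzAD4EkFgFZn30I-wsFajD]
14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/jquery/jquery-1.12.3.min.js], Session Id : [SBZeTDPKSxLbgcwR_zCazx5heXwssOvrjSVI0sJV]
14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-18) Request URL : [/SessionTrackingSsl/resources/css/bootstrap.min.css], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
14:08:45,785 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/bootstrap.min.js], Session Id : [FETLRFRjQyjzktTUi29hTe3tqimJnGEgdpHZGu6e]
14:08:45,787 INFO  [com.test.SessionIdTrackFilter] (default task-19) Request URL : [/SessionTrackingSsl/starter-template.css], Session Id : [eHGhpdreJJv8RKTmZul3hKXjORhAp8GIqJktTmgh]
14:08:45,814 INFO  [com.test.SessionIdTrackFilter] (default task-26) Request URL : [/SessionTrackingSsl/resources/fonts/fontawesome-webfont.woff2], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
"""

# Matches only the filter's own lines; other server log lines are ignored.
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+INFO\s+\[com\.test\.SessionIdTrackFilter\]\s+"
    r"\((?P<thread>[^)]+)\)\s+Request URL : \[(?P<url>[^\]]*)\], Session Id : \[(?P<sid>[^\]]*)\]$"
)

def parse(log):
    """Yield (timestamp, url, session_id) for each filter line in the log text."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m["ts"], m["url"], m["sid"]

def sessions_by_id(log):
    """Map session id -> request URLs that carried it, in log order."""
    groups = defaultdict(list)
    for _, url, sid in parse(log):
        groups[sid].append(url)
    return dict(groups)

def summarize(log):
    """Count requests and distinct session ids; list ids seen on more than one request."""
    groups = sessions_by_id(log)
    reused = {sid: urls for sid, urls in groups.items() if len(urls) > 1}
    return {"requests": sum(len(u) for u in groups.values()),
            "distinct_sessions": len(groups),
            "reused": reused}

if __name__ == "__main__":
    s = summarize(LOG)
    print(f"{s['requests']} requests -> {s['distinct_sessions']} distinct session ids")
    for sid, urls in s["reused"].items():
        print(f"  {sid} reused for {len(urls)} requests")
```

With a consistent tracking mode, one page load from one browser should yield a single session id; any larger count in the summary reproduces the behaviour described in the report.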

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                pradeepsixer Pradeep Kumar