  1. WildFly
  2. WFLY-6543

Multiple Sessions are created over SSL Session Tracking

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 10.0.0.Final
    • Web (Undertow)
      1. Enable SSL.
      2. Deploy the attachment "SessionTrackingSsl.war".
      3. Access the resource through the browser.
      4. The Session Ids will be logged to the configured root logger.

      Sometimes the session ids are consistent. In such cases, clearing the browser data and reloading the resource will help reproduce the bug. Viewing the resource in InPrivate browsing will also help.

    Description

      When using SSL as the session tracking method, there are multiple sessions created for subsequent HTTP requests, some of which are reused.

      This is the log obtained by using a filter to track the HTTP Sessions:

      14:08:45,766 INFO  [com.test.SessionIdTrackFilter] (default task-17) Request URL : [/SessionTrackingSsl/], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-20) Request URL : [/SessionTrackingSsl/resources/css/font-awesome.min.css], Session Id : [uljMhXUsAK1BXXXmnmXzAD4EkFgFZn30I-wsFajD]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/jquery/jquery-1.12.3.min.js], Session Id : [SBZeTDPKSxLbgcwR_zCazx5heXwssOvrjSVI0sJV]
      14:08:45,784 INFO  [com.test.SessionIdTrackFilter] (default task-18) Request URL : [/SessionTrackingSsl/resources/css/bootstrap.min.css], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      14:08:45,785 INFO  [com.test.SessionIdTrackFilter] (default task-16) Request URL : [/SessionTrackingSsl/resources/js/bootstrap.min.js], Session Id : [FETLRFRjQyjzktTUi29hTe3tqimJnGEgdpHZGu6e]
      14:08:45,787 INFO  [com.test.SessionIdTrackFilter] (default task-19) Request URL : [/SessionTrackingSsl/starter-template.css], Session Id : [eHGhpdreJJv8RKTmZul3hKXjORhAp8GIqJktTmgh]
      14:08:45,814 INFO  [com.test.SessionIdTrackFilter] (default task-26) Request URL : [/SessionTrackingSsl/resources/fonts/fontawesome-webfont.woff2], Session Id : [wkgBkT61gFQnJeSacPyLEgKWmJ6iPusT-8xcpXFP]
      

      I have made the following changes to the standalone.xml to enable SSL:
      diff ../standalone/configuration/standalone.xml ../standalone/configuration/standalone_xml_history/standalone.initial.xml :

      1c1
      < <?xml version='1.0' encoding='UTF-8'?>
      ---
      > <?xml version="1.0" ?>
      4d3
      < 
      33,34d31
      < 
      < 
      47,51d43
      <                 <server-identities>
      <                     <ssl>
      <                         <keystore path="testks.keystore" relative-to="jboss.server.config.dir" keystore-password="Password" alias="testks" key-password="Password"/>
      <                     </ssl>
      <                 </server-identities>
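Review bot: on the <keystore> line, keystore-password and key-password are written into standalone.xml as literal values, and both carry the same string. Reference them through a vault expression rather than a literal so the configuration file (and its copies under standalone_xml_history) does not hold the secret, and use different values for the store and the key.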
      89d80
      < 
      188a180
      >                     <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
      206c198
      <             <remote connector-ref="https-remoting-connector" thread-pool-name="default"/>
      ---
      >             <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
      305c297
      <             <http-connector name="https-remoting-connector" connector-ref="default-https" security-realm="ApplicationRealm"/>
      ---
      >             <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
      360c352
      <                 <https-listener name="default-https" security-realm="ApplicationRealm" socket-binding="https"/>
      ---
      >                 <http-listener name="default" socket-binding="http" redirect-socket="https"/>
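Review bot: the https-listener line replaces the http-listener instead of being added next to it, so no listener remains on the http socket binding and the redirect-socket="https" behaviour of the initial file is lost. If plain-HTTP clients should still be redirected to HTTPS, keep the original http-listener line and add the https-listener alongside it.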
      391d382
      < 
      400d390
      < 
      
      

      Apart from this, I have not made any changes to any of the configuration files. When the tracking method is set to COOKIE, the session ids are consistent.
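To measure the symptom shown in the log above, the following added example (not part of the original report or of WildFly) parses lines in the filter's format and flags each page load that was served under more than one session id. The sample lines are constructed with shortened ids, and the 2-second burst window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format of the report's SessionIdTrackFilter output.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+INFO\s+\[[^\]]+\]\s+\([^)]+\)\s+"
    r"Request URL : \[(?P<url>[^\]]*)\], Session Id : \[(?P<sid>[^\]]*)\]"
)

# Constructed sample lines (shortened ids), same layout as the log above.
PFX = "INFO  [com.test.SessionIdTrackFilter] (default task-1) Request URL : "
SAMPLE = [
    f"14:08:45,766 {PFX}[/SessionTrackingSsl/], Session Id : [sid-A]",
    f"14:08:45,784 {PFX}[/SessionTrackingSsl/a.css], Session Id : [sid-B]",
    f"14:08:45,784 {PFX}[/SessionTrackingSsl/b.css], Session Id : [sid-A]",
    f"14:09:30,100 {PFX}[/SessionTrackingSsl/], Session Id : [sid-A]",
]

def parse(lines):
    """Yield (timestamp, url, session_id); lines in other formats are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            # The log carries no date, so a run spanning midnight is not handled.
            yield datetime.strptime(m["ts"], "%H:%M:%S,%f"), m["url"], m["sid"]

def report(lines, window=timedelta(seconds=2)):
    """Split requests into bursts (gap > window starts a new one) and list
    the session ids seen in each; more than one id means fragmentation."""
    bursts, last = [], None
    for ts, url, sid in sorted(parse(lines)):
        if last is None or ts - last > window:
            bursts.append([])
        bursts[-1].append((ts, url, sid))
        last = ts
    out = []
    for burst in bursts:
        by_sid = defaultdict(list)
        for _, url, sid in burst:
            by_sid[sid].append(url)
        out.append({"start": burst[0][0].strftime("%H:%M:%S"),
                    "requests": len(burst),
                    "sessions": dict(by_sid),
                    "fragmented": len(by_sid) > 1})
    return out

if __name__ == "__main__":
    for b in report(SAMPLE):
        print(b["start"], b["requests"], "requests,", len(b["sessions"]),
              "session id(s)", "<-- fragmented" if b["fragmented"] else "")
```

Running the same script against a log captured with the tracking mode set to COOKIE gives a baseline to compare against.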

          People

            sdouglas1@redhat.com Stuart Douglas
            pradeepsixer_jira Pradeep Kumar (Inactive)