-
Bug
-
Resolution: Done
-
Major
-
2.2.6.Final
-
None
When testing our system with multiple users, we sometimes get into a situation where one user gets the log in context of another user. This typically happens when running parts of our system with many bugs/stacktraces, combined with a session timeout.
I am able to reproduce the error in a local test environment, and what I observe is that a thread that is involved in a certain error situation gets invalid state. Requests that are processed by this thread gets session scoped beans that are related to the user that was logged in during the error situation. Typically, I can refresh my browser and in the response I see that the logged in user and access rights in menus change whenever I hit a bad thread.
The following information from the log file seems to be important:
2014-11-24 18:25:23,372 ERROR [io.undertow.request] (default task-5) UT005023: Exception handling request to /secure/counting/startCounting.xhtml: java.lang.IllegalStateException: UT000010: Session not found k8HV3WF4xJ6c8lx7HX8Dz3rM at io.undertow.server.session.InMemorySessionManager$SessionImpl.removeAttribute(InMemorySessionManager.java:389) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.spec.HttpSessionImpl.removeAttribute(HttpSessionImpl.java:182) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.spec.HttpSessionImpl.setAttribute(HttpSessionImpl.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.evote.presentation.exceptions.ErrorPageRenderer.render(ErrorPageRenderer.java:84) [classes:] at no.evote.presentation.exceptions.ErrorPageRenderer.render500Error(ErrorPageRenderer.java:72) [classes:] at no.evote.presentation.exceptions.CustomExceptionHandler.handle(CustomExceptionHandler.java:85) [classes:] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:119) [jsf-impl-2.2.8-jbossorg-1.jar:] at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:219) [jsf-impl-2.2.8-jbossorg-1.jar:] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:647) [jboss-jsf-api_2.2_spec-2.2.8.jar:2.2.8] at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:72) [primefaces-5.0.8.jar:5.0.8] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.evote.service.security.DisableCachingFilter.doFilter(DisableCachingFilter.java:28) [classes:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.evote.service.security.SelectRoleFilter.doFilter(SelectRoleFilter.java:68) [classes:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.evote.service.security.CSRFFilter.doFilter(CSRFFilter.java:48) [classes:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.valg.eva.admin.frontend.security.SamlAssertionFilter.doFilter(SamlAssertionFilter.java:92) [classes:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.evote.presentation.util.filters.IEModeFilter.doFilter(IEModeFilter.java:38) [classes:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at no.evote.presentation.util.filters.ForceLocaleFilter.doFilter(ForceLocaleFilter.java:55) [classes:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51] at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] 2014-11-24 18:25:23,379 WARN [org.jboss.weld.Context] (default task-5) WELD-000224: Unable to clear the bean store org.jboss.weld.context.beanstore.http.LazySessionBeanStore@133b87c6. 2014-11-24 18:25:23,379 WARN [org.jboss.weld.Servlet] (default task-5) WELD-000712: Unable to dissociate context org.jboss.weld.context.http.LazyHttpConversationContextImpl@79d94ec0 when destroying request io.undertow.servlet.spec.HttpServletRequestImpl@29c15dbf 2014-11-24 18:25:23,381 ERROR [io.undertow.servlet.request] (default task-5) UT015005: Error invoking method requestDestroyed on listener class org.jboss.weld.servlet.WeldInitialListener: java.lang.IllegalStateException: UT000010: Session not found k8HV3WF4xJ6c8lx7HX8Dz3rM at io.undertow.server.session.InMemorySessionManager$SessionImpl.setAttribute(InMemorySessionManager.java:373) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.spec.HttpSessionImpl.setAttribute(HttpSessionImpl.java:168) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at org.jboss.weld.context.beanstore.http.AbstractSessionBeanStore.setAttribute(AbstractSessionBeanStore.java:67) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at org.jboss.weld.context.beanstore.AttributeBeanStore.attach(AttributeBeanStore.java:88) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at org.jboss.weld.context.AbstractConversationContext.deactivate(AbstractConversationContext.java:297) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at org.jboss.weld.context.http.LazyHttpConversationContextImpl.deactivate(LazyHttpConversationContextImpl.java:75) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at org.jboss.weld.servlet.ConversationContextActivator.deactivateConversationContext(ConversationContextActivator.java:154) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at org.jboss.weld.servlet.HttpContextLifecycle.requestDestroyed(HttpContextLifecycle.java:274) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at org.jboss.weld.servlet.WeldInitialListener.requestDestroyed(WeldInitialListener.java:143) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05] at io.undertow.servlet.core.ApplicationListeners.requestDestroyed(ApplicationListeners.java:225) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:304) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51] at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
After this happens, the thread task-5 is in an invalid state, and users served by this thread get context information from the previous user.
- relates to
-
-
- Resolved
-
