Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-2585

Race in AbstractConversationContext#getConversationIdGenerator() for BoundConversationContext

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 3.1.2.Final
    • Component/s: Scopes & Contexts
    • Labels:
      None
    • Environment:

      WildFly 14.0.0.Final (Weld 3.0.5.Final)

      Description

      AbstractConversationContext#getConversationIdGenerator() is inherently racy in the case where the generator has not been created yet. If multiple threads happen to enter it at the same time, they might create multiple generators, which in turn leads to duplicate conversation IDs.

      This is essentially the same issue as WELD-1418, but the fix for that issue only fixed HttpConversationContextImpl. BoundConversationContextImpl still has a problem because nothing will call sessionCreated() for it. Even if something did, I don't think that would fix the problem since that just copies the generator from the request to the session and the request may not have a generator yet either. There's also the headache that sessionCreated() is a public method but is not part of the BoundConversationContext interface, so the calling code would have to cast to an implementation class.

      Workaround: call generateConversationId() at some early point when there can't be multiple threads competing with each other:

      boundConvCtx.associate(fakeRequest);
      try {
      	boundConvCtx.generateConversationId();
      } finally {
      	boundConvCtx.dissociate(fakeRequest);
      }
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                manovotn Matěj Novotný
                Reporter:
                rcd Richard DiCroce
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: