Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-6489

Distributable session may not exist after redirect to same node with optimistic locking.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Critical
    • None
    • 8.2.1.Final, 10.0.0.Final, 10.1.0.CR1
    • Clustering
    • None
    • Hide

      You can use the attached sample application to reproduce the issue, using the attached standalone.xml:

      • Hit /testwar/testservlet1
        • Creates a new session.
        • Sets a session variable
        • Redirects to /testwar/testservlet2
        • A convient "Reset Session" link has been added to /testwar/testservlet2 to hit again /testwar/testservlet1

      When testing on two nodes, only a single node needs to be restarted to reproduce by hitting the restarted node. With the sample code, the JSESSIONID cookie needs to be flushed before clicking on the "Reset Session" link to try again. The attempt to invalidate the session in TestServlet1 seems sufficient to hide the issue.

      I've also added a sample servlet that uses a JS client side redirection rather than a server side redirection to delay a bit the redirection. The issue can be seen with two nodes, but not with a single node.

      Show
      You can use the attached sample application to reproduce the issue, using the attached standalone.xml: Hit /testwar/testservlet1 Creates a new session. Sets a session variable Redirects to /testwar/testservlet2 A convient "Reset Session" link has been added to /testwar/testservlet2 to hit again /testwar/testservlet1 When testing on two nodes, only a single node needs to be restarted to reproduce by hitting the restarted node. With the sample code, the JSESSIONID cookie needs to be flushed before clicking on the "Reset Session" link to try again. The attempt to invalidate the session in TestServlet1 seems sufficient to hide the issue. I've also added a sample servlet that uses a JS client side redirection rather than a server side redirection to delay a bit the redirection. The issue can be seen with two nodes, but not with a single node.
    • User Experience

    Description

      I'm currently working on porting an application running on EAP 6.1 to WildFly 10 and am encountering multiple session/authentication issues with clustering enabled. Our login flow currently starts from a servlet that accepts the credentials, creates the session, then redirect to the welcome page.

      The first time we execute this flow after the startup of a node, the welcome page can't see at all the session created previously.

      • request.getSession() creates yet another session and a new session cookie is returned.
      • request.getSession(false) returns "null"

      On the second attempt, the flow works as expected.

      The issue can be reproduced on both a single node or a two nodes cluster, as long as <distributable /> is enabled in web.xml.

      We are currently using the master build https://ci.jboss.org/hudson/job/WildFly-latest-master/2244/, but the problem has been noticed on 10.0.0-Final and also 8.2.1-Final.

      I attached a sample web application that I used to reproduce the issue. Our standalone.xml is also included with the clustering configuration we've been using for the web/session cache.

      Attachments

        Activity

          People

            pferraro@redhat.com Paul Ferraro
            glavoie_jira Gabriel Lavoie (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: