[jira] [Created] (WICKET-7056) HttpSessionStore#getAttribute called on invalidated session

Wed, 17 May 2023 03:15:04 -0700 

David Rain created WICKET-7056:
----------------------------------

             Summary: HttpSessionStore#getAttribute called on invalidated 
session
                 Key: WICKET-7056
                 URL: https://issues.apache.org/jira/browse/WICKET-7056
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 8.13.0
         Environment: Ubuntu Linux v. 18
WebSphere AS 9.0.5.14
Wicket 8.13.0
            Reporter: David Rain


The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take an 
invalidated session state into account.

Thus the e.g. getAttribute method the calls the httpSession#getAttribute which 
results to the exception being thrown by server (WebSphere and Jetty in our 
case). See 
[https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager]

In my opinion the HttpSessionStore should check the valid state of the session 
before trying to access it.
{code:java}
Exception occurred during onEndRequest
java.lang.IllegalStateException: The following session is not valid! 
FAMtHV-7DvEsvj07hsLKExc
    at 
com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191)
    at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307)
    at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
    at 
com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139)
    at 
org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256)
    at 
org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188)
    at 
org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175)
    at org.apache.wicket.Session.bind(Session.java:268)
    at 
org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43)
    at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88)
    at org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187)
    at 
org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75)
    at 
org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78)
    at org.apache.wicket.Application$2.onEndRequest(Application.java:1604)
    at 
org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85)
    at 
org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81)
    at 
org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
    at 
org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80)
    at 
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266)
    at 
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276)
    at 
org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66)
    at 
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
    at 
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
    at 
com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
    at 
com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
    at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
    at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
    at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
    at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
    at 
com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
    at 
com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at 
cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50)
    at 
cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92)
    at 
com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
    at 
com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at 
com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
    at 
com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238)
    at 
com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
    at 
com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
    at 
com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
    at 
com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
    at 
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
    at 
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
    at 
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
    at 
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
    at 
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
    at 
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
    at 
com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558)
    at 
com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608)
    at 
com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985)
    at 
com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code}
 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to