[
https://issues.apache.org/jira/browse/WICKET-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17772258#comment-17772258
]
David Rain commented on WICKET-7056:
------------------------------------
Hello [~mgrigorov],
I've opened [https://github.com/apache/wicket/pull/670]
I decided not to synchronize methods because that could lead to severe P4M
impacts. I also could not synchronize on the HttpSession object because
containers can return different Java objects for the same session. And moreover
... the session can be invalidated by the container on the background.
So the easiest way with no P4M issues seems to catch thrown exceptions and
(DEBUG) log them.
Our banking application works OK with this snapshot but I cannot do any PoC in
test environment because the error happens only few times a day in production
with hundred of thousand clients... I can verify only in production after
8.16.0 is released.
> HttpSessionStore#getAttribute called on invalidated session
> -----------------------------------------------------------
>
> Key: WICKET-7056
> URL: https://issues.apache.org/jira/browse/WICKET-7056
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 8.13.0
> Environment: Ubuntu Linux v. 18
> WebSphere AS 9.0.5.14
> Wicket 8.13.0
> Reporter: David Rain
> Priority: Major
> Labels: Wicket, invalidation, session
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take
> an invalidated session state into account.
> Thus the e.g. getAttribute method the calls the httpSession#getAttribute
> which results to the exception being thrown by server (WebSphere and Jetty in
> our case). See
> [https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager]
> In my opinion the HttpSessionStore should check the valid state of the
> session before trying to access it.
> {code:java}
> Exception occurred during onEndRequest
> java.lang.IllegalStateException: The following session is not valid!
> FAMtHV-7DvEsvj07hsLKExc
> at
> com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191)
> at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307)
> at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
> at
> com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139)
> at
> org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256)
> at
> org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188)
> at
> org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175)
> at org.apache.wicket.Session.bind(Session.java:268)
> at
> org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43)
> at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88)
> at
> org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187)
> at
> org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75)
> at
> org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78)
> at org.apache.wicket.Application$2.onEndRequest(Application.java:1604)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81)
> at
> org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276)
> at
> org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50)
> at
> cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
> at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238)
> at
> com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
> at
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
> at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
> at
> com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
> at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
> at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
> at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074)
> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
