[
https://issues.apache.org/jira/browse/SHIRO-452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bruno GRIEDER updated SHIRO-452:
--------------------------------
Description:
We cache SimpleSession in EhCache which is configured with Overflow to Disk and
an LRU eviction policy.
When the cache is full, EhCache will attempt to evict a session from the Disk
Storage to reclaim space.
To evict the `SimpleSession`, EhCache will attempt to deserialize the eveicted
session first. From time to time, the deserialization of the `SimpleSession`
fails. When that happens the system is locked, since no additional session can
be created.
`SimpleSession` has a custom serialization mechanism that calculates a bit mask
which indicates which fields of the `SimpleSession` contain values. This
bitMask is serialized first (as a Short) then the fields containing values.
When deserialization is failing, the bitMask indicates that the `attributes`
Map contains data, however no `attributes` have actually been serialized and
the deserialization fails with a `java.io.OptionalDataException`.
The discrepancy is very likely due to `attributes` being a non synchronized
Map: the SimpleSession is created on a Servlet thread, however the
serialization to Disk is performed by EhCache on one of its cache management
threads.
SimpleSession fields should likely be marked as volatile and the Map should be
a Synchronized Map or SimpleSession should be made immutable.
was:
We cache SimpleSession in EhCache which is configured with Overflow to Disk and
an LRU eviction policy.
When the cache is full, EhCache will attempt to evict a session from the Disk
Storage to reclaim space.
To evict the `SimpleSession`, EhCache will attempt to deserialize the eveicted
session first. From time to time, the deserialization of the `SimpleSession`
fails. When that happens the system is locked, since no additional session can
be created.
`SimpleSession` has a custom serialization mechanism that calculates a bit mask
which indicates which fields of the `SimpleSession` containing values. This
bitMask is serialized first (as a Short) then the fields containing values.
When deserialization is failing, the bitMask indicates that the `attributes`
Map contains data, however no `attributes` have actually been serialized and
the deserialization fails with a `java.io.OptionalDataException`.
The discrepancy is very likely due to `attributes` being a non synchronized
Map: the SimpleSession is created on a Servlet thread, however the
serialization to Disk is performed by EhCache on one of its cache management
threads.
SimpleSession fields should likely be marked as volatile and the Map should be
a Synchronized Map or SimpleSession should be made immutable.
> SimpleSession serialization failing
> -----------------------------------
>
> Key: SHIRO-452
> URL: https://issues.apache.org/jira/browse/SHIRO-452
> Project: Shiro
> Issue Type: Bug
> Components: Caching , Session Management
> Affects Versions: 1.2.1
> Environment: Java 6 - EhCache 2.6.2
> Reporter: Bruno GRIEDER
>
> We cache SimpleSession in EhCache which is configured with Overflow to Disk
> and an LRU eviction policy.
> When the cache is full, EhCache will attempt to evict a session from the Disk
> Storage to reclaim space.
> To evict the `SimpleSession`, EhCache will attempt to deserialize the
> eveicted session first. From time to time, the deserialization of the
> `SimpleSession` fails. When that happens the system is locked, since no
> additional session can be created.
> `SimpleSession` has a custom serialization mechanism that calculates a bit
> mask which indicates which fields of the `SimpleSession` contain values. This
> bitMask is serialized first (as a Short) then the fields containing values.
> When deserialization is failing, the bitMask indicates that the `attributes`
> Map contains data, however no `attributes` have actually been serialized and
> the deserialization fails with a `java.io.OptionalDataException`.
> The discrepancy is very likely due to `attributes` being a non synchronized
> Map: the SimpleSession is created on a Servlet thread, however the
> serialization to Disk is performed by EhCache on one of its cache management
> threads.
> SimpleSession fields should likely be marked as volatile and the Map should
> be a Synchronized Map or SimpleSession should be made immutable.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
