https://bz.apache.org/bugzilla/show_bug.cgi?id=65755
Bug ID: 65755
Summary: Users sporadically receive responses intended for
other user's session
Product: Tomcat 8
Version: 8.5.64
Hardware: Other
OS: Linux
Status: NEW
Severity: critical
Priority: P1
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: dimitrios.psymar...@atos.net
Target Milestone: ----
userA tries to use on its browser the application's url
userA appears to have logon as userB as the session cookie actually belongs to
userB.
In such cases tomcat restart is needed and users need to logout and login again
and it seems that the problem is resolved by this workaround.
The application uses the embedded tomcat v8.5.64, we already have the following
property set to true.
org.apache.catalina.connector.RECYCLE_FACADES=true
We are observing in catalina logs multiple incidents of
"The request object has been recycled and is no longer associated with this
facade"
The full stack trace below:
2021-11-26 18:33:35,526 ERROR [[default]] - Servlet.service() for servlet
[default] threw exception2021-11-26 18:33:35,526 ERROR [[default]] -
Servlet.service() for servlet [default] threw
exceptionjava.lang.IllegalStateException: The request object has been recycled
and is no longer associated with this facade at
org.apache.catalina.connector.RequestFacade.getHeader(RequestFacade.java:686)
at
javax.servlet.http.HttpServletRequestWrapper.getHeader(HttpServletRequestWrapper.java:87)
at
org.apache.catalina.servlets.DefaultServlet.checkIfMatch(DefaultServlet.java:2315)
at
org.apache.catalina.servlets.DefaultServlet.checkIfHeaders(DefaultServlet.java:788)
at
org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:903)
at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:626) at
org.apache.catalina.servlets.DefaultServlet.service(DefaultServlet.java:490) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:733) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at
org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:711)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:460)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:387)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:315)
at
org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213)
at
org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at
org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
net.openscape.webclient.servlet.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:65)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
at com.siemens.ca.http.server.catalina.DumperValve.invoke(DumperValve.java:321)
at
com.siemens.ca.http.server.catalina.CharacterEncodingValve.invoke(CharacterEncodingValve.java:42)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:820)2021-11-26 18:33:35,527 ERROR
[[default]] - Servlet.service() for servlet [default] in context with path
[/openscapeuc] threw exceptionjava.lang.NullPointerException at
org.apache.catalina.connector.RequestFacade.isAsyncStarted(RequestFacade.java:1044)
at
javax.servlet.ServletRequestWrapper.isAsyncStarted(ServletRequestWrapper.java:414)
at
org.apache.catalina.core.ApplicationDispatcher.unwrapRequest(ApplicationDispatcher.java:790)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:766)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:460)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:387)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:315)
at
org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213)
at
org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at
org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
net.openscape.webclient.servlet.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:65)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
at com.siemens.ca.http.server.catalina.DumperValve.invoke(DumperValve.java:321)
at
com.siemens.ca.http.server.catalina.CharacterEncodingValve.invoke(CharacterEncodingValve.java:42)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:820)
Apart from the above multiple exceptions are also reported:
2021-11-26 18:30:42,412 INFO [CoyoteAdapter] - Encountered a non-recycled
request and recycled it forcedly.
org.apache.catalina.connector.CoyoteAdapter$RecycleRequiredException
at
org.apache.catalina.connector.CoyoteAdapter.checkRecycled(CoyoteAdapter.java:546)
at
org.apache.coyote.http11.Http11Processor.recycle(Http11Processor.java:1577)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.release(AbstractProtocol.java:1021)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.release(AbstractProtocol.java:1054)
at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.close(NioEndpoint.java:1260)
at
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doClose(WsRemoteEndpointImplServer.java:173)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.close(WsRemoteEndpointImplBase.java:739)
at
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.onWritePossible(WsRemoteEndpointImplServer.java:148)
at
org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:77)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:509)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:395)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:832)
at
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendStringByCompletion(WsRemoteEndpointImplBase.java:213)
at
org.apache.tomcat.websocket.WsRemoteEndpointAsync.sendText(WsRemoteEndpointAsync.java:47)
at
org.atmosphere.container.version.JSR356WebSocket.write(JSR356WebSocket.java:73)
at org.atmosphere.websocket.WebSocket.write(WebSocket.java:255)
at org.atmosphere.websocket.WebSocket.write(WebSocket.java:220)
at org.atmosphere.websocket.WebSocket.write(WebSocket.java:46)
at
org.atmosphere.cpr.AtmosphereResponseImpl$Stream.write(AtmosphereResponseImpl.java:956)
at
org.atmosphere.cpr.AtmosphereResponseImpl.write(AtmosphereResponseImpl.java:802)
at
org.atmosphere.cpr.AtmosphereResponseImpl.write(AtmosphereResponseImpl.java:783)
at
org.atmosphere.cpr.AtmosphereResourceImpl.write(AtmosphereResourceImpl.java:587)
at
net.openscape.webclient.websocket.DirectClient$ResourceWriter.run(DirectClient.java:117)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:820)
and also
2021-12-02 10:58:20,281 ERROR [org.apache.coyote.http11.Http11Processor] Error
processing request2021-12-02 10:58:20,281 ERROR
[org.apache.coyote.http11.Http11Processor] Error processing
requestjava.lang.AssertionError at
org.apache.catalina.mapper.Mapper.internalMap(Mapper.java:744) at
org.apache.catalina.mapper.Mapper.map(Mapper.java:702) at
org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:714)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:358)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:820)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
