https://bz.apache.org/bugzilla/show_bug.cgi?id=69781
Bug ID: 69781
Summary: FileStore used with PersistentValve can cause
EOFException during session expiration checks and
dropped session
Product: Tomcat 10
Version: 10.1.44
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: aogb...@redhat.com
Target Milestone: ------
The FileStore save and remove operations if done concurrently with load
attempts are not really thread safe. The file writes/deletes from save or
remove can lop off the data that a load is attempting to read so that the load
attempt hits an EOFException. This has been noted when using it combination
with a PersistentValve and PersistentManager:
<Valve className="org.apache.catalina.valves.PersistentValve" />
<Manager className="org.apache.catalina.session.PersistentManager"
processExpiresFrequency="1">
<Store className="org.apache.catalina.session.FileStore" />
</Manager>
If a FileStore save attempt from the PersistentValve at the end of a request
happens alongside a background processExpires check FileStore load attempt for
the same session, then this can induce an EOFException like below during the
load attempt:
SEVERE [Catalina-utility-1]
org.apache.catalina.session.StoreBase.processExpires Error processing session
expiration for key [3DFF110B8415939F736A5751783ECDA9]
java.io.EOFException
at
java.base/java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2933)
at
java.base/java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:3428)
at
java.base/java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:985)
at
java.base/java.io.ObjectInputStream.<init>(ObjectInputStream.java:416)
at
org.apache.catalina.util.CustomObjectInputStream.<init>(CustomObjectInputStream.java:87)
at
org.apache.catalina.session.StoreBase.getObjectInputStream(StoreBase.java:204)
at
org.apache.catalina.session.FileStore.load(FileStore.java:200)
at
org.apache.catalina.session.StoreBase.processExpires(StoreBase.java:138)
at
org.apache.catalina.session.PersistentManagerBase.processExpires(PersistentManagerBase.java:409)
at
org.apache.catalina.session.ManagerBase.backgroundProcess(ManagerBase.java:587)
at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:4837)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1172)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1176)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1176)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1154)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
at
java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:358)
at
java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:1583)
That EOFException is then caught and handled at
https://github.com/apache/tomcat/blob/10.1.x/java/org/apache/catalina/session/StoreBase.java#L173
to result in the session being removed and dropped unexpectedly before any
expected expiration.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
