[Bug 69846] New: PersistentManager does not reliably persist sessions during graceful shutdown in distributed environments (e.g., Kubernetes)

Wed, 08 Oct 2025 06:42:43 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=69846

            Bug ID: 69846
           Summary: PersistentManager does not reliably persist sessions
                    during graceful shutdown in distributed environments
                    (e.g., Kubernetes)
           Product: Tomcat 10
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Manager
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ------

Detailed Description:

We are running a Spring Boot application deployed across multiple PODs in
Kubernetes using an Ingress with sticky session. Tomcat is configured with a
PersistentManager and a shared FileStore to persist HTTP sessions.
During a graceful shutdown of a POD, Tomcat attempts to persist all active
sessions to disk via the PersistentManager. However, Kubernetes immediately
reroutes incoming requests to other live PODs, and these requests may arrive
before the shutting-down POD has finished saving all sessions to the shared
FileStore.
As a result, the new POD receives requests for sessions that have not yet been
persisted, leading to errors


Environment:

Tomcat version: tomcat embed core: 10.1.46
Spring Boot version: 3.5.6
Kubernetes version: Server Version: v1.31.1-mirantis-1
Session persistence: PersistentManager + FileStore on a shared volume on K8s
Deployment model: n > 1 PODs with traffic load balancing and sticky session

Expected Behavior:

The PersistentManager should:
- Ensure all sessions are fully persisted before the POD is removed from
traffic routing.
- Alternatively, provide a mechanism to delay traffic rerouting until session
persistence is complete.

Actual Behavior:
Session persistence is asynchronous relative to traffic rerouting, causing a
race condition between session saving and incoming requests to other PODs.

Suggested Improvements:

Introduce a blocking mechanism for inbound requests, or lifecycle hook in
PersistentManager to signal when session persistence is complete.
Expose an event or listener to monitor session saving during shutdown.
Document the behavior clearly and provide best practices for distributed
environments.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to