details: https://code.openbravo.com/erp/devel/pi/rev/d42333fb081c changeset: 23505:d42333fb081c user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Wed Jun 18 09:12:58 2014 +0200 summary: fixed bug 26846: removed inactive session check in context initialization this was causing problems with load balanced and it orginal purpose of handling concurrent users is not valid anymore as per fix of #11039
details: https://code.openbravo.com/erp/devel/pi/rev/1b61c0094c3e changeset: 23506:1b61c0094c3e user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Wed Jun 18 09:14:15 2014 +0200 summary: related to bug 26846: prevent warning in code: The static field SessionListener.context should be accessed in a static way details: https://code.openbravo.com/erp/devel/pi/rev/1909dd43a825 changeset: 23507:1909dd43a825 user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Wed Jun 18 14:32:02 2014 +0200 summary: fixed issue 26847: remove inactive sessions earlier inactive sessions are removed on tomcat start diffstat: src/org/openbravo/erpCommon/security/SessionListener.java | 85 +++--------- src/org/openbravo/erpCommon/security/SessionLogin_data.xsql | 32 ++-- 2 files changed, 40 insertions(+), 77 deletions(-) diffs (213 lines): diff -r 3d6754bc564f -r 1909dd43a825 src/org/openbravo/erpCommon/security/SessionListener.java --- a/src/org/openbravo/erpCommon/security/SessionListener.java Wed Jun 18 14:21:18 2014 +0530 +++ b/src/org/openbravo/erpCommon/security/SessionListener.java Wed Jun 18 14:32:02 2014 +0200 @@ -11,7 +11,7 @@ * under the License. * The Original Code is Openbravo ERP. * The Initial Developer of the Original Code is Openbravo SLU - * All portions are Copyright (C) 2009-2012 Openbravo SLU + * All portions are Copyright (C) 2009-2014 Openbravo SLU * All Rights Reserved. * Contributor(s): ______________________________________. ************************************************************************ @@ -19,17 +19,14 @@ package org.openbravo.erpCommon.security; -import java.io.InputStream; -import java.net.HttpURLConnection; -import java.net.SocketTimeoutException; -import java.net.URL; +import java.text.SimpleDateFormat; +import java.util.Calendar; import java.util.Vector; import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; import javax.servlet.ServletException; -import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; @@ -39,6 +36,8 @@ public class SessionListener implements HttpSessionListener, ServletContextListener { + private static final int PING_TIMEOUT_SECS = 120; + private static final Logger log = Logger.getLogger(SessionListener.class); private static Vector<String> sessionsInContext = new Vector<String>(); @@ -73,7 +72,7 @@ SessionLoginData .deactivate((ConnectionProvider) event.getServletContext() .getAttribute("openbravoPool"), sessionId); - this.context = null; + SessionListener.context = null; log.info("Deactivated session: " + sessionId); } catch (ServletException e1) { log.error(e1.getMessage(), e1); @@ -101,78 +100,40 @@ public void contextInitialized(ServletContextEvent event) { SessionListener.context = event.getServletContext(); - // Look orphan sessions and close them, these sessions are: - // -All the ones in the current context that will generate a time out when querying the servlet - // -The ones in other contexts that are no longer active + ConnectionProvider cp = (ConnectionProvider) context.getAttribute("openbravoPool"); - SessionLoginData activeSessions[]; try { - activeSessions = SessionLoginData.activeSessions((ConnectionProvider) SessionListener.context - .getAttribute("openbravoPool")); + // Mark as inactive those sessions that were active and didn't send any ping during last + // 120secs. And those ones that didn't send any ping and were created at least 1 day ago. + // This is similar to what is done in ActivationKey.deactivateTimeOutSessions but for all + // types of sessions. + Calendar cal = Calendar.getInstance(); + cal.add(Calendar.SECOND, (-1) * PING_TIMEOUT_SECS); - for (SessionLoginData session : activeSessions) { - if (!checkSessionInRemoteContext(session.adSessionId, session.serverUrl)) { - deactivateSession(session.adSessionId); - } - } - } catch (ServletException e) { - log.error("Error checking orphan sessions", e); + String strDate = new SimpleDateFormat("YYYY-MM-dd HH:mm:ss").format(cal.getTime()); + long t = System.currentTimeMillis(); + int deactivatedSessions = SessionLoginData.deactivateExpiredSessions(cp, strDate); + log.debug("Deactivated " + deactivatedSessions + + " old session(s) while starting server. Took: " + (System.currentTimeMillis() - t) + + "ms."); + } catch (Exception e) { + log.error("Error deactivating expired sessions", e); } // Decide whether audit trail is active try { - SessionInfo.setAuditActive(SessionLoginData - .isAudited((ConnectionProvider) SessionListener.context.getAttribute("openbravoPool"))); + SessionInfo.setAuditActive(SessionLoginData.isAudited(cp)); } catch (Exception e) { log.error("Error activating audit trail", e); } try { - SessionInfo.setUsageAuditActive(SessionLoginData - .isUsageAuditEnabled((ConnectionProvider) SessionListener.context - .getAttribute("openbravoPool"))); + SessionInfo.setUsageAuditActive(SessionLoginData.isUsageAuditEnabled(cp)); } catch (Exception e) { log.error("Error activating usage audit", e); } } - private boolean checkSessionInRemoteContext(String sessionId, String serverUrl) { - try { - log.info("Checking session " + sessionId + " in context " + serverUrl); - URL url = new URL(serverUrl + "/security/SessionActive?id=" + sessionId); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestProperty("Keep-Alive", "300"); - conn.setRequestProperty("Connection", "keep-alive"); - conn.setRequestMethod("POST"); - conn.setDoInput(true); - conn.setDoOutput(true); - conn.setUseCaches(false); - conn.setAllowUserInteraction(false); - - // Set short timeouts because for current context sessions timeout will be raised - conn.setConnectTimeout(500); - conn.setReadTimeout(500); - - if (conn.getResponseCode() == HttpServletResponse.SC_OK) { - InputStream is = conn.getInputStream(); - byte buff[] = new byte[100]; - int len; - String result = ""; - while ((len = is.read(buff)) != -1) { - result += new String(buff, 0, len); - } - return result.equals("true"); - } else { - return false; - } - } catch (SocketTimeoutException e) { - log.debug("Timeout connecting to " + serverUrl + " to check session " + sessionId); - } catch (Exception e) { - log.debug("Error checking remote session " + sessionId + " in context " + serverUrl, e); - } - return false; - } - @Override public void sessionCreated(HttpSessionEvent event) { // do nothing diff -r 3d6754bc564f -r 1909dd43a825 src/org/openbravo/erpCommon/security/SessionLogin_data.xsql --- a/src/org/openbravo/erpCommon/security/SessionLogin_data.xsql Wed Jun 18 14:21:18 2014 +0530 +++ b/src/org/openbravo/erpCommon/security/SessionLogin_data.xsql Wed Jun 18 14:32:02 2014 +0200 @@ -12,7 +12,7 @@ * under the License. * The Original Code is Openbravo ERP. * The Initial Developer of the Original Code is Openbravo SLU - * All portions are Copyright (C) 2001-2012 Openbravo SLU + * All portions are Copyright (C) 2001-2014 Openbravo SLU * All Rights Reserved. * Contributor(s): ______________________________________. ************************************************************************ @@ -21,16 +21,14 @@ <SqlClass name="SessionLoginData" package="org.openbravo.erpCommon.security"> <SqlClassComment></SqlClassComment> - <SqlMethod name="activeSessions" type="preparedStatement" return="multiple"> + <SqlMethod name="selectSupportContact" type="preparedStatement" return="string"> <Sql><![CDATA[ - SELECT AD_SESSION_ID, SERVER_URL - FROM AD_SESSION - WHERE SESSION_ACTIVE = 'Y' + SELECT SUPPORT_CONTACT + FROM AD_SYSTEM_INFO ]]></Sql> - <Field name="supportContact" value=""/> </SqlMethod> - <SqlMethod name="deactivate" type="preparedStatement" return="rowCount"> + <SqlMethod name="deactivate" type="preparedStatement" return="rowCount"> <Sql><![CDATA[ UPDATE AD_Session SET SESSION_ACTIVE = 'N' @@ -39,6 +37,17 @@ <Parameter name="adSessionId"/> </SqlMethod> + <SqlMethod name="deactivateExpiredSessions" type="preparedStatement" return="rowCount"> + <Sql><![CDATA[ + UPDATE AD_Session + SET Session_Active = 'N' + WHERE Session_Active = 'Y' + AND (Last_Session_Ping < to_timestamp(?, 'YYYY-MM-DD HH24:MI:SS') + or (Last_Session_Ping is null and created < now() - 1)) + ]]></Sql> + <Parameter name="lastValidPingTime"/> + </SqlMethod> + <SqlMethod name="isSessionActive" type="preparedStatement" return="boolean"> <Sql><![CDATA[ SELECT COUNT(*) @@ -49,14 +58,7 @@ <Parameter name="adSessionId"/> </SqlMethod> - <SqlMethod name="selectSupportContact" type="preparedStatement" return="string"> - <Sql><![CDATA[ - SELECT SUPPORT_CONTACT - FROM AD_SYSTEM_INFO - ]]></Sql> - </SqlMethod> - - <SqlMethod name="isAudited" type="preparedStatement" return="boolean"> + <SqlMethod name="isAudited" type="preparedStatement" return="boolean"> <Sql><