[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17239880#comment-17239880
]
Ilia Naryzhny commented on WICKET-6848:
---
Seems that this fix created another problem. Please check issue WICKET-6856
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232182#comment-17232182
]
Sven Meier commented on WICKET-6848:
Changes are pushed to master and 8.x now, please take another look and run your
tests.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232177#comment-17232177
]
ASF subversion and git services commented on WICKET-6848:
-
Commit 0c81a8830480d8aa57f3d45f7c6d1ea74b5b4bad in wicket's branch
refs/heads/master from Sven Meier
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=0c81a88 ]
WICKET-6848 sessionInvalidation before flush
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232175#comment-17232175
]
ASF subversion and git services commented on WICKET-6848:
-
Commit a1c94760fdaf5769211c47edfd1a4ac6077e998f in wicket's branch
refs/heads/wicket-8.x from Sven Meier
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=a1c9476 ]
WICKET-6847 WICKET-6848 flush before detach fixes
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17230136#comment-17230136
]
Sven Meier commented on WICKET-6848:
Had to add another commit, that clears pending pages in the request - otherwise
these get stored after flush when no session is available.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17229901#comment-17229901
]
Emond Papegaaij commented on WICKET-6848:
-
Ok, I've found the cause. [~svenmeier] on your branch, the session is
invalidated before {{RequestPageStore.end}} is called. With the page still in
the touched pages, this causes a new session to be created in the same request.
Swapping the calls to {{onEndRequest}} in {{RequestCycle.processRequest}} fixes
it.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17229895#comment-17229895
]
Emond Papegaaij commented on WICKET-6848:
-
Sorry for being a bit late to reply. I've got a very busy schedule at the
moment. I've tested your changes on my quickstart and I no longer get the
error, but it seems logout is broken now. The session is invalidated, but a new
one is started right away and the user is still logged in. I'm looking into it
to see if I can find the cause of this.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17229387#comment-17229387
]
Sven Meier commented on WICKET-6848:
[~papegaaij] could you take a look too please? I'm unsure of the implications
of this change: the session is now invalidated *before* other all other stuff
is detached. I hope this works for clearing of any cookies, but I don't have an
example to test this.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227975#comment-17227975
]
Andrea Del Bene commented on WICKET-6848:
-
Great! Once it's merged on master I can proceed with the release. Thanks folks!
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227938#comment-17227938
]
Ernesto Reinaldo Barreiro commented on WICKET-6848:
---
[~svenmeier]this fixes our problem. Thanks
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227774#comment-17227774
]
Ernesto Reinaldo Barreiro commented on WICKET-6848:
---
A quarter of our 600 selenium tests passed without server side stack traces
(including latest commit). I will report back in a few hours. [~svenmeier]
Thanks again.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227768#comment-17227768
]
Ernesto Reinaldo Barreiro commented on WICKET-6848:
---
[~svenmeier]Thanks for the heads up. I will grab that commit too rebuild and
retest.
regarding adding tests covering this. Our producing this issue are selenium
tests. Not sure if pure wicket test could reproduce this issue.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227766#comment-17227766
]
Sven Meier commented on WICKET-6848:
With commit
[https://github.com/apache/wicket/commit/e07c2521383e094e86b81d13d9252f3c8d783216]
invalidation happens before flush.
This works as the fix for WICKET-6848
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227764#comment-17227764
]
ASF subversion and git services commented on WICKET-6848:
-
Commit e07c2521383e094e86b81d13d9252f3c8d783216 in wicket's branch
refs/heads/WICKET-6847-onEndRequest-before-flush from Sven Meier
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=e07c252 ]
WICKET-6848 sessionInvalidation before flush
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0, 8.10.0
>Reporter: Emond Papegaaij
>Assignee: Emond Papegaaij
>Priority: Major
> Fix For: 9.2.0, 8.11.0
>
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224633#comment-17224633
]
ASF subversion and git services commented on WICKET-6848:
-
Commit 8150ad19cbb3b436f8e8aed32c766269811e6c62 in wicket's branch
refs/heads/wicket-8.x from Emond Papegaaij
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=8150ad1 ]
WICKET-6848: Do not flush before detach when session needs invalidation
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224630#comment-17224630
]
Emond Papegaaij commented on WICKET-6848:
-
I've committed my patch as it does fix this particular issue, but that still
leaves us with WICKET-6847, which is very much related but about session
creation rather than invalidation.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224628#comment-17224628
]
ASF subversion and git services commented on WICKET-6848:
-
Commit 625f9afd88efc98e5c01c89431067385a993d94d in wicket's branch
refs/heads/master from Emond Papegaaij
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=625f9af ]
WICKET-6848: Do not flush before detach when session needs invalidation
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224623#comment-17224623
]
Andrea Del Bene commented on WICKET-6848:
-
I agree with Emond. We might (should?) deprecate invalidateNow but changing it
now for 9.x and 8.x it's not a good idea, and I think it's not even possible as
we must keep APIs behavior consistent across minor releases.
As workaround I would simply implement something that keeps the old order
(detach then flush) only if Session#isSessionInvalidated is true.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224529#comment-17224529
]
Emond Papegaaij commented on WICKET-6848:
-
It is important for the cookie to be cleared. For example, when you are in a
load balancing setup, the cookie is often used to stick the session to a
server. When the cookies aren't cleared on logout, sessions will not be
distributed cleanly.
I also don't know why we have invalidate() and invalidateNow(), but I'm
reluctant to change that in a minor version. Keep in mind we also have to patch
this on 8, as we very likely have the same problem in 8.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224043#comment-17224043
]
Sven Meier commented on WICKET-6848:
It seems that Jetty is just ignoring that fact the cookie can no longer be
cleared. I'm wondering whether this has any negative consequences - as long as
the session is invalidated on the server, clearing the cookie isn't actually
needed, is it?
Just an idea: Couldn't we call SessionStore#invalidate() immediately in
Session#invalidate()? See attached patch.
Actually I never understood why we have invalidate() and invalidateNow() and
their difference.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments:
> WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff,
> wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223680#comment-17223680
]
Emond Papegaaij commented on WICKET-6848:
-
[~reiern70] That's a different bug: WICKET-6847. This bug is about session
invalidation, the other about creation.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223669#comment-17223669
]
Ernesto Reinaldo Barreiro commented on WICKET-6848:
---
java.lang.IllegalStateException: Cannot create a session after the response has
been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:3038)
at org.apache.catalina.connector.Request.getSession(Request.java:2456)
at
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896)
at
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231)
at
org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:148)
at
org.apache.wicket.session.HttpSessionStore.getHttpSession(HttpSessionStore.java:85)
at
org.apache.wicket.session.HttpSessionStore.getSessionId(HttpSessionStore.java:146)
at org.apache.wicket.Session.bind(Session.java:276)
at
org.apache.wicket.pageStore.DefaultPageContext.getSessionId(DefaultPageContext.java:44)
at
org.apache.wicket.pageStore.AsynchronousPageStore$PendingAdd.(AsynchronousPageStore.java:150)
at
org.apache.wicket.pageStore.AsynchronousPageStore.addPage(AsynchronousPageStore.java:368)
at
org.apache.wicket.pageStore.SerializingPageStore.addPage(SerializingPageStore.java:82)
at
org.apache.wicket.pageStore.CachingPageStore.addPage(CachingPageStore.java:73)
at
org.apache.wicket.pageStore.RequestPageStore.detach(RequestPageStore.java:102)
at org.apache.wicket.page.PageManager.detach(PageManager.java:85)
at org.apache.wicket.Application$2.onDetach(Application.java:1572)
at
org.apache.wicket.request.cycle.RequestCycleListenerCollection$3.notify(RequestCycleListenerCollection.java:105)
at
org.apache.wicket.request.cycle.RequestCycleListenerCollection$3.notify(RequestCycleListenerCollection.java:101)
at
org.apache.wicket.util.listener.ListenerCollection$1.notify(ListenerCollection.java:120)
at
org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
at
org.apache.wicket.util.listener.ListenerCollection.reversedNotifyIgnoringExceptions(ListenerCollection.java:113)
at
org.apache.wicket.request.cycle.RequestCycleListenerCollection.onDetach(RequestCycleListenerCollection.java:100)
at
org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:669)
at
org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
at
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
I still get this on current master
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223618#comment-17223618
]
Emond Papegaaij commented on WICKET-6848:
-
No, that does not work. At that point the {{RequestCycle}} is not set on the
{{ThreadContext}}, which will result in a {{NullPointerException}} in
{{isInvalidated()}}. Also, {{Session.get()}} will create a session if it does
not yet exist, and I'd rather avoid that at this point. I didn't check if
{{Session.get()}} even returned the correct session. It could be that it simply
created a new one because the session was also not set on the context. Luckily,
we don't need the session for the check, because the boolean is stored as
metadata in the {{RequestCycle}}.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223601#comment-17223601
]
Ernesto Reinaldo Barreiro commented on WICKET-6848:
---
Hi Emond,
+ if (reqProcessed &&
!Session.isSessionInvalidated(requestCycle))
{
Cannot this be Session.get().isInvalidated()? Or session was already detached
from request thread?
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223545#comment-17223545
]
Emond Papegaaij commented on WICKET-6848:
-
The attached patch fixes the issue by not flushing before detach when the
session is marked for invalidation. It fixes the issue, but I do not like this
special case. However, I do not see a way to fix the issue any other way.
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223533#comment-17223533
]
Maxim Solodovnik commented on WICKET-6848:
--
I saw such stacktrace on Tomcat once
It happen during login (session was replaced)
It is not reproducible for me since then
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223529#comment-17223529
]
Emond Papegaaij commented on WICKET-6848:
-
I've done some more debugging and the current behavior definitely is broken.
When I remove the 'distributable' element from the web.xml and run it against
Wicket 9.0.0, I see a set-cookie header in the response of the logout request
to clear the JSESSIONID cookie. With 9.1.0 and master, this set-cookie header
is missing. So even though the stacktrace is not triggered, behavior has
changed.
What is puzzling though, is that on Jetty I do not get the set-cookie header,
not even on 9.0.0. Why is Jetty not clearing the cookie on logout? Is this a
bug?
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
>
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[
https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223506#comment-17223506
]
Emond Papegaaij commented on WICKET-6848:
-
I've managed to produce a quickstart for this problem, but the stacktrace only
occurs on WildFly, not on Jetty. Also, the session needs to be distributable to
trigger the error. I don't understand why a distributable session has different
characteristics on this. I would expect this to fail for every session type.
This bug is not fixed on master yet.
For the quickstart: build the application, deploy it on wildfly, navigate to
http://localhost:8080/wicket6848-1.0-SNAPSHOT and click on the link that says
'Click here!'
> Session invalidation fails because response is already committed
>
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
>Affects Versions: 9.1.0
>Reporter: Emond Papegaaij
>Priority: Major
> Attachments: wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception
> handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009:
> Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8
> after the response was committed (e.g. after HttpServletResponse.sendRedirect
> or sendError)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at
> org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
> io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
