[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17239880#comment-17239880 ]

Ilia Naryzhny commented on WICKET-6848:
---------------------------------------

Seems that this fix created another problem. Please check issue WICKET-6856

> Session invalidation fails because response is already committed
> ----------------------------------------------------------------
>
>                 Key: WICKET-6848
>                 URL: https://issues.apache.org/jira/browse/WICKET-6848
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 9.1.0, 8.10.0
>            Reporter: Emond Papegaaij
>            Assignee: Emond Papegaaij
>            Priority: Major
>             Fix For: 9.2.0, 8.11.0
>
>         Attachments: WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely
> related to the changes made with WICKET-6831. We are currently checking if
> this has been fixed by the latest changes on master, but I believe this is a
> different issue.
> From the stacktrace I deduce that the session is invalidated as part of
> detach, but as detach is now called after flush, it is no longer possible to
> invalidate the HttpSession at this point (you cannot clear the JSESSIONID
> cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 after the response was committed (e.g. after HttpServletResponse.sendRedirect or sendError)
>     at org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
>     at org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
>     at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     at deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
>     at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     at

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232182#comment-17232182 ]

Sven Meier commented on WICKET-6848:
------------------------------------

Changes are pushed to master and 8.x now, please take another look and run your tests.

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232177#comment-17232177 ]

ASF subversion and git services commented on WICKET-6848:
---------------------------------------------------------

Commit 0c81a8830480d8aa57f3d45f7c6d1ea74b5b4bad in wicket's branch refs/heads/master from Sven Meier
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=0c81a88 ]

WICKET-6848 sessionInvalidation before flush

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232175#comment-17232175 ]

ASF subversion and git services commented on WICKET-6848:
---------------------------------------------------------

Commit a1c94760fdaf5769211c47edfd1a4ac6077e998f in wicket's branch refs/heads/wicket-8.x from Sven Meier
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=a1c9476 ]

WICKET-6847 WICKET-6848 flush before detach fixes

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17230136#comment-17230136 ]

Sven Meier commented on WICKET-6848:
------------------------------------

Had to add another commit, that clears pending pages in the request - otherwise these get stored after flush when no session is available.

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17229901#comment-17229901 ]

Emond Papegaaij commented on WICKET-6848:
-----------------------------------------

Ok, I've found the cause. [~svenmeier] on your branch, the session is invalidated before {{RequestPageStore.end}} is called. With the page still in the touched pages, this causes a new session to be created in the same request. Swapping the calls to {{onEndRequest}} in {{RequestCycle.processRequest}} fixes it.

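The ordering problem described in the comment above, together with the original report and the note about clearing pending pages, as a small stand-alone Java model. It is an added example, not Wicket code and not code from the issue or its patches; the `Request` class, the `Step` names and the session ids are hypothetical, and treating a page store after flush with no session as a failure is a modelling assumption.

```java
import java.util.ArrayList;
import java.util.List;

/** Simplified model of the end-of-request steps discussed in this thread (not Wicket code). */
public class RequestEndOrdering {

    /** The three end-of-request actions whose relative order the thread is about. */
    enum Step { STORE_PAGES, INVALIDATE, FLUSH }

    /** State of one modelled logout request; the user starts on session "S1". */
    static final class Request {
        String sessionId = "S1";          // constructed id, stands for the HttpSession
        int sessionsCreated = 1;
        boolean committed = false;
        final List<String> touchedPages = new ArrayList<>(List.of("LogoutPage"));

        void flush() {
            committed = true;             // headers, cookies included, have left the server
        }

        void invalidate(boolean clearPending) {
            if (committed) {
                // The rule the container enforces in the quoted stack trace.
                throw new IllegalStateException("invalidation after response was committed");
            }
            sessionId = null;
            if (clearPending) {
                touchedPages.clear();     // nothing left to store for the dead session
            }
        }

        void storePages() {
            if (touchedPages.isEmpty()) {
                return;
            }
            if (sessionId == null) {
                if (committed) {
                    // Assumption of this model: storing without a session after flush fails.
                    throw new IllegalStateException("no session available after flush");
                }
                sessionId = "S" + (++sessionsCreated); // storing a page binds a new session
            }
            touchedPages.clear();
        }
    }

    /** Runs the steps in the given order and reports what is left of the session. */
    static String run(boolean clearPending, Step... order) {
        Request r = new Request();
        try {
            for (Step s : order) {
                switch (s) {
                    case STORE_PAGES: r.storePages(); break;
                    case INVALIDATE:  r.invalidate(clearPending); break;
                    case FLUSH:       r.flush(); break;
                }
            }
        } catch (IllegalStateException e) {
            return "FAILED (" + e.getMessage() + "), session=" + r.sessionId;
        }
        return "session=" + r.sessionId + ", sessionsCreated=" + r.sessionsCreated;
    }

    public static void main(String[] args) {
        // Issue description: invalidation happens in detach, which runs after flush.
        System.out.println(run(false, Step.STORE_PAGES, Step.FLUSH, Step.INVALIDATE));
        // Invalidation before the touched pages are stored: a new session appears.
        System.out.println(run(false, Step.INVALIDATE, Step.STORE_PAGES, Step.FLUSH));
        // Pending pages left in the request and stored after flush.
        System.out.println(run(false, Step.INVALIDATE, Step.FLUSH, Step.STORE_PAGES));
        // Touched pages stored first, then invalidation, then flush.
        System.out.println(run(false, Step.STORE_PAGES, Step.INVALIDATE, Step.FLUSH));
        // Invalidation clears the pending pages, so the later store is a no-op.
        System.out.println(run(true, Step.INVALIDATE, Step.FLUSH, Step.STORE_PAGES));
    }
}
```
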
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17229895#comment-17229895 ]

Emond Papegaaij commented on WICKET-6848:
-----------------------------------------

Sorry for being a bit late to reply. I've got a very busy schedule at the moment. I've tested your changes on my quickstart and I no longer get the error, but it seems logout is broken now. The session is invalidated, but a new one is started right away and the user is still logged in. I'm looking into it to see if I can find the cause of this.

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17229387#comment-17229387 ]

Sven Meier commented on WICKET-6848:

[~papegaaij] could you take a look too please? I'm unsure of the implications of this change: the session is now invalidated *before* all other stuff is detached. I hope this works for clearing of any cookies, but I don't have an example to test this.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227975#comment-17227975 ]

Andrea Del Bene commented on WICKET-6848:

Great! Once it's merged on master I can proceed with the release. Thanks folks!
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227938#comment-17227938 ]

Ernesto Reinaldo Barreiro commented on WICKET-6848:

[~svenmeier] this fixes our problem. Thanks
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227774#comment-17227774 ]

Ernesto Reinaldo Barreiro commented on WICKET-6848:

A quarter of our 600 selenium tests passed without server side stack traces (including latest commit). I will report back in a few hours. [~svenmeier] Thanks again.
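One way to check a server log for the failure this issue reports after a test run, as an added example that is not part of the thread or of Wicket: it finds WFLYCLWEBUT0009 events, records the request path and a hash of the session id, and labels each event by whether `org.apache.wicket.Session.detach` appears in its stack. The sample log is constructed in the format quoted in the issue; the session ids, the deployment name, the `/app/logout` path and the `LogoutServlet` frame are made up, and the two origin labels are this example's own.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Frame that marks the code path in this issue: invalidation triggered from
# Wicket's Session.detach after the response was already flushed.
WICKET_DETACH = "org.apache.wicket.Session.detach"

EVENT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3}) ERROR \[io\.undertow\.request\] .*?"
    r"Exception handling request to (?P<path>\S+): "
    r"java\.lang\.IllegalStateException: WFLYCLWEBUT0009: "
    r"Invalidation attempted for session (?P<sid>\S+) "
    r"after the response was committed"
)
# "at module@version//package.Class.method(File.java:NN)"; the module prefix is optional.
FRAME_RE = re.compile(r"^\s+at (?:\S+?//)?(?P<method>[\w.$]+)\(")


@dataclass
class FailedInvalidation:
    time: str
    path: str
    session_fp: str                      # hash prefix, never the raw session id
    frames: list = field(default_factory=list)

    @property
    def origin(self):
        """'wicket-detach' for the ordering bug in this issue, else 'other-caller'."""
        return "wicket-detach" if WICKET_DETACH in self.frames else "other-caller"


def fingerprint(session_id):
    """Stable short hash so reports can correlate events without exposing ids."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


def find_failed_invalidations(log_text):
    """Return one FailedInvalidation per WFLYCLWEBUT0009 event, with its frames."""
    events, current = [], None
    for line in log_text.splitlines():
        match = EVENT_RE.match(line)
        if match:
            current = FailedInvalidation(
                time=match["time"],
                path=match["path"],
                session_fp=fingerprint(match["sid"]),
            )
            events.append(current)
            continue
        frame = FRAME_RE.match(line)
        if frame and current is not None:
            current.frames.append(frame["method"])
        else:
            current = None               # any non-frame line ends the stack trace
    return events


# Constructed sample log (not taken from a real server).
MSG = (
    "{time} ERROR [io.undertow.request] (default task-9) UT005023: Exception "
    "handling request to {path}: java.lang.IllegalStateException: WFLYCLWEBUT0009: "
    "Invalidation attempted for session {sid} after the response was committed "
    "(e.g. after HttpServletResponse.sendRedirect or sendError)"
)
VALIDATE = (
    "\tat org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering"
    ".web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)"
)
SAMPLE_LOG = "\n".join([
    MSG.format(time="17:22:11,823", path="/idp/", sid="constructed-session-id-0001"),
    VALIDATE,
    "\tat deployment.example.war//org.apache.wicket.Session.invalidateNow(Session.java:529)",
    "\tat deployment.example.war//org.apache.wicket.Session.detach(Session.java:684)",
    "\tat deployment.example.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)",
    "17:22:12,001 INFO  [org.example] (default task-9) unrelated line",
    MSG.format(time="17:23:40,117", path="/app/logout", sid="constructed-session-id-0002"),
    VALIDATE,
    "\tat deployment.example.war//com.example.LogoutServlet.doGet(LogoutServlet.java:41)",
])

if __name__ == "__main__":
    for event in find_failed_invalidations(SAMPLE_LOG):
        print(event.time, event.path, event.session_fp, event.origin)
```

Events labelled `wicket-detach` match the stack in this issue; `other-caller` events point at application code that invalidates after committing the response and need a separate look.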
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227768#comment-17227768 ]

Ernesto Reinaldo Barreiro commented on WICKET-6848:

[~svenmeier] Thanks for the heads up. I will grab that commit too, rebuild and retest. Regarding adding tests covering this: our tests producing this issue are selenium tests. Not sure if a pure wicket test could reproduce this issue.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227766#comment-17227766 ]

Sven Meier commented on WICKET-6848:

With commit [https://github.com/apache/wicket/commit/e07c2521383e094e86b81d13d9252f3c8d783216] invalidation happens before flush. This works as the fix for WICKET-6848
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17227764#comment-17227764 ]

ASF subversion and git services commented on WICKET-6848:

Commit e07c2521383e094e86b81d13d9252f3c8d783216 in wicket's branch refs/heads/WICKET-6847-onEndRequest-before-flush from Sven Meier
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=e07c252 ]

WICKET-6848 sessionInvalidation before flush
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224633#comment-17224633 ]

ASF subversion and git services commented on WICKET-6848:

Commit 8150ad19cbb3b436f8e8aed32c766269811e6c62 in wicket's branch refs/heads/wicket-8.x from Emond Papegaaij
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=8150ad1 ]

WICKET-6848: Do not flush before detach when session needs invalidation
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224630#comment-17224630 ]

Emond Papegaaij commented on WICKET-6848:

I've committed my patch as it does fix this particular issue, but that still leaves us with WICKET-6847, which is very much related but about session creation rather than invalidation.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224628#comment-17224628 ]

ASF subversion and git services commented on WICKET-6848:

Commit 625f9afd88efc98e5c01c89431067385a993d94d in wicket's branch refs/heads/master from Emond Papegaaij
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=625f9af ]

WICKET-6848: Do not flush before detach when session needs invalidation
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224623#comment-17224623 ]

Andrea Del Bene commented on WICKET-6848:

I agree with Emond. We might (should?) deprecate invalidateNow, but changing it now for 9.x and 8.x is not a good idea, and I think it's not even possible as we must keep API behavior consistent across minor releases. As a workaround, I would simply implement something that keeps the old order (detach then flush) only if Session#isSessionInvalidated is true.
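The ordering proposed in the comment above (detach before flush only when Session#isSessionInvalidated is true), modelled as an added example that is not part of the thread and is not Wicket code. Response, ContainerSession, AppSession, Order and endOfRequest are hypothetical stand-ins that reproduce only the commit/invalidate ordering.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration. Every type here is a hypothetical stand-in that models only
// the ordering problem; none of it is Wicket or servlet-container code.
public class DetachFlushOrder {

    /** Response stand-in: headers can be added only until the response is committed. */
    static final class Response {
        final List<String> headers = new ArrayList<>();
        private boolean committed;

        void addHeader(String header) {
            if (committed) {
                throw new IllegalStateException("response already committed");
            }
            headers.add(header);
        }

        void flush() {
            committed = true; // status line and headers are on the wire from here on
        }
    }

    /** Container session stand-in: invalidation has to expire the session cookie. */
    static final class ContainerSession {
        boolean valid = true;

        void invalidate(Response response) {
            // Assumption: a strict container rejects the call when the cookie can no
            // longer be cleared, like the IllegalStateException in the reported trace.
            response.addHeader("Set-Cookie: JSESSIONID=; Max-Age=0");
            valid = false;
        }
    }

    /** Application session stand-in: invalidate() only sets a flag, detach() acts on it. */
    static final class AppSession {
        final ContainerSession container = new ContainerSession();
        private boolean invalidated;

        void invalidate() {
            invalidated = true;
        }

        boolean isSessionInvalidated() {
            return invalidated;
        }

        void detach(Response response) {
            if (invalidated) {
                container.invalidate(response);
            }
        }
    }

    enum Order { FLUSH_THEN_DETACH, DETACH_THEN_FLUSH_IF_INVALIDATED }

    /** Runs the end of one request and reports the resulting session and cookie state. */
    static String endOfRequest(Order order, boolean logout) {
        Response response = new Response();
        AppSession session = new AppSession();
        if (logout) {
            session.invalidate();
        }
        // The workaround: fall back to the old order only when invalidation is pending.
        boolean detachFirst = order == Order.DETACH_THEN_FLUSH_IF_INVALIDATED
                && session.isSessionInvalidated();
        String error = "none";
        try {
            if (detachFirst) {
                session.detach(response);
                response.flush();
            } else {
                response.flush();
                session.detach(response);
            }
        } catch (IllegalStateException e) {
            error = e.getMessage();
        }
        return String.format("%-32s logout=%-5b sessionValid=%-5b cookieCleared=%-5b error=%s",
                order, logout, session.container.valid, !response.headers.isEmpty(), error);
    }

    public static void main(String[] args) {
        for (Order order : Order.values()) {
            for (boolean logout : new boolean[] {false, true}) {
                System.out.println(endOfRequest(order, logout));
            }
        }
    }
}
```

In this model the flush-first logout is the only case that ends with an error, and it leaves the session valid and the cookie untouched, which is the state a logout path should be tested against.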
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224529#comment-17224529 ]

Emond Papegaaij commented on WICKET-6848:

It is important for the cookie to be cleared. For example, when you are in a load balancing setup, the cookie is often used to stick the session to a server. When the cookies aren't cleared on logout, sessions will not be distributed cleanly. I also don't know why we have invalidate() and invalidateNow(), but I'm reluctant to change that in a minor version. Keep in mind we also have to patch this on 8, as we very likely have the same problem in 8.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224043#comment-17224043 ]

Sven Meier commented on WICKET-6848:

It seems that Jetty is just ignoring the fact that the cookie can no longer be cleared. I'm wondering whether this has any negative consequences - as long as the session is invalidated on the server, clearing the cookie isn't actually needed, is it?

Just an idea: Couldn't we call SessionStore#invalidate() immediately in Session#invalidate()? See attached patch.

Actually I never understood why we have invalidate() and invalidateNow() and their difference.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223680#comment-17223680 ]

Emond Papegaaij commented on WICKET-6848:

[~reiern70] That's a different bug: WICKET-6847. This bug is about session invalidation, the other about creation.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223669#comment-17223669 ]

Ernesto Reinaldo Barreiro commented on WICKET-6848:
---

java.lang.IllegalStateException: Cannot create a session after the response has been committed
 at org.apache.catalina.connector.Request.doGetSession(Request.java:3038)
 at org.apache.catalina.connector.Request.getSession(Request.java:2456)
 at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896)
 at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231)
 at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:148)
 at org.apache.wicket.session.HttpSessionStore.getHttpSession(HttpSessionStore.java:85)
 at org.apache.wicket.session.HttpSessionStore.getSessionId(HttpSessionStore.java:146)
 at org.apache.wicket.Session.bind(Session.java:276)
 at org.apache.wicket.pageStore.DefaultPageContext.getSessionId(DefaultPageContext.java:44)
 at org.apache.wicket.pageStore.AsynchronousPageStore$PendingAdd.(AsynchronousPageStore.java:150)
 at org.apache.wicket.pageStore.AsynchronousPageStore.addPage(AsynchronousPageStore.java:368)
 at org.apache.wicket.pageStore.SerializingPageStore.addPage(SerializingPageStore.java:82)
 at org.apache.wicket.pageStore.CachingPageStore.addPage(CachingPageStore.java:73)
 at org.apache.wicket.pageStore.RequestPageStore.detach(RequestPageStore.java:102)
 at org.apache.wicket.page.PageManager.detach(PageManager.java:85)
 at org.apache.wicket.Application$2.onDetach(Application.java:1572)
 at org.apache.wicket.request.cycle.RequestCycleListenerCollection$3.notify(RequestCycleListenerCollection.java:105)
 at org.apache.wicket.request.cycle.RequestCycleListenerCollection$3.notify(RequestCycleListenerCollection.java:101)
 at org.apache.wicket.util.listener.ListenerCollection$1.notify(ListenerCollection.java:120)
 at org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
 at org.apache.wicket.util.listener.ListenerCollection.reversedNotifyIgnoringExceptions(ListenerCollection.java:113)
 at org.apache.wicket.request.cycle.RequestCycleListenerCollection.onDetach(RequestCycleListenerCollection.java:100)
 at org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:669)
 at org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
 at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
 at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
 at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

I still get this on current master
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223618#comment-17223618 ]

Emond Papegaaij commented on WICKET-6848:
---

No, that does not work. At that point the {{RequestCycle}} is not set on the {{ThreadContext}}, which will result in a {{NullPointerException}} in {{isInvalidated()}}. Also, {{Session.get()}} will create a session if it does not yet exist, and I'd rather avoid that at this point. I didn't check if {{Session.get()}} even returned the correct session. It could be that it simply created a new one because the session was also not set on the context. Luckily, we don't need the session for the check, because the boolean is stored as metadata in the {{RequestCycle}}.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223601#comment-17223601 ]

Ernesto Reinaldo Barreiro commented on WICKET-6848:
---

Hi Emond,

+ if (reqProcessed && !Session.isSessionInvalidated(requestCycle)) {

Cannot this be Session.get().isInvalidated()? Or session was already detached from request thread?
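Review bot: the added condition reqProcessed && !Session.isSessionInvalidated(requestCycle) carries no comment explaining why an invalidated session changes the flow at this point. The thread describes this as a special case (no flush before detach when the session is marked for invalidation), so a short comment above the if, stating that the container must still be able to invalidate the HttpSession and clear the JSESSIONID cookie during detach, would keep a later refactoring from dropping the check.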
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223545#comment-17223545 ]

Emond Papegaaij commented on WICKET-6848:
---

The attached patch fixes the issue by not flushing before detach when the session is marked for invalidation. It fixes the issue, but I do not like this special case. However, I do not see a way to fix the issue any other way.
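A self-contained model of the ordering problem and of the approach described in the comment above, added here as an illustration; it is not Wicket or container code. The names ModelResponse, ModelSession, ModelCycle and processRequest are hypothetical, and the session's behaviour (refusing invalidation after commit, expiring the cookie on invalidation) is a simplification of what the thread reports.

```java
import java.util.ArrayList;
import java.util.List;

public class InvalidateAfterCommitDemo {

    /** Stand-in for the servlet response: headers are frozen once it is committed. */
    static class ModelResponse {
        final List<String> headers = new ArrayList<>();
        boolean committed;

        void addHeader(String header) {
            if (committed) {
                throw new IllegalStateException("header added after commit");
            }
            headers.add(header);
        }

        void flush() {
            committed = true;
        }
    }

    /** Stand-in for a container session that rejects invalidation after commit. */
    static class ModelSession {
        boolean valid = true;

        void invalidate(ModelResponse response) {
            if (response.committed) {
                throw new IllegalStateException(
                    "invalidation attempted after the response was committed");
            }
            valid = false;
            // Constructed header: the container expires the session cookie.
            response.addHeader("Set-Cookie: JSESSIONID=; Max-Age=0");
        }
    }

    /** Stand-in for the request cycle, which carries the "invalidate on detach" flag. */
    static class ModelCycle {
        boolean sessionInvalidated;

        void detach(ModelSession session, ModelResponse response) {
            if (sessionInvalidated) {
                session.invalidate(response);
            }
        }
    }

    /** Runs one request and reports whether the session survived it. */
    static String processRequest(boolean logout, boolean skipFlushWhenInvalidated) {
        ModelResponse response = new ModelResponse();
        ModelSession session = new ModelSession();
        ModelCycle cycle = new ModelCycle();

        // Application code runs first; a logout only marks the session.
        cycle.sessionInvalidated = logout;

        // Early flush before detach, optionally skipped for a marked session.
        boolean flushEarly = !(skipFlushWhenInvalidated && cycle.sessionInvalidated);
        if (flushEarly) {
            response.flush();
        }

        String error = "none";
        try {
            cycle.detach(session, response);
        } catch (IllegalStateException e) {
            error = e.getMessage();
        } finally {
            response.flush(); // the response is always sent in the end
        }
        return "sessionValid=" + session.valid
            + " headers=" + response.headers
            + " error=" + error;
    }

    public static void main(String[] args) {
        System.out.println("normal request, early flush : " + processRequest(false, false));
        System.out.println("logout, early flush         : " + processRequest(true, false));
        System.out.println("logout, flush skipped       : " + processRequest(true, true));
    }
}
```

In the second scenario the session is still valid after the logout request, which is the outcome to test for when upgrading: a logout that raises an exception in the log may also have left the server-side session alive.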
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223533#comment-17223533 ]

Maxim Solodovnik commented on WICKET-6848:
---

I saw such a stacktrace on Tomcat once.
It happened during login (session was replaced).
It is not reproducible for me since then.
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223529#comment-17223529 ]

Emond Papegaaij commented on WICKET-6848:
---

I've done some more debugging and the current behavior definitely is broken. When I remove the 'distributable' element from the web.xml and run it against Wicket 9.0.0, I see a set-cookie header in the response of the logout request to clear the JSESSIONID cookie. With 9.1.0 and master, this set-cookie header is missing. So even though the stacktrace is not triggered, behavior has changed.

What is puzzling though, is that on Jetty I do not get the set-cookie header, not even on 9.0.0. Why is Jetty not clearing the cookie on logout? Is this a bug?
[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17223506#comment-17223506 ]

Emond Papegaaij commented on WICKET-6848:
---

I've managed to produce a quickstart for this problem, but the stacktrace only occurs on WildFly, not on Jetty. Also, the session needs to be distributable to trigger the error. I don't understand why a distributable session has different characteristics on this. I would expect this to fail for every session type. This bug is not fixed on master yet.

For the quickstart: build the application, deploy it on wildfly, navigate to http://localhost:8080/wicket6848-1.0-SNAPSHOT and click on the link that says 'Click here!'