[jira] [Updated] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Emond Papegaaij updated WICKET-6848: Affects Version/s: 8.10.0 > Session invalidation fails because response is already committed > > > Key: WICKET-6848 > URL: https://issues.apache.org/jira/browse/WICKET-6848 > Project: Wicket > Issue Type: Bug > Components: wicket-core >Affects Versions: 9.1.0, 8.10.0 >Reporter: Emond Papegaaij >Priority: Major > Attachments: > WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff, > wicket6848.zip > > > Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely > related to the changes made with WICKET-6831. We are currently checking if > this has been fixed by the latest changes on master, but I believe this is a > different issue. > From the stacktrace I deduce that the session is invalidated as part of > detach, but as detach is now called after flush, it is no longer possible to > invalidate the HttpSession at this point (you cannot clear the JSESSIONID > cookie). > {code} > 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception > handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: > Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 > after the response was committed (e.g. after HttpServletResponse.sendRedirect > or sendError) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at > org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at > io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) > at >
[jira] [Updated] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sven Meier updated WICKET-6848: --- Attachment: WICKET-6848-invalidate-session-manager-immediately.patch > Session invalidation fails because response is already committed > > > Key: WICKET-6848 > URL: https://issues.apache.org/jira/browse/WICKET-6848 > Project: Wicket > Issue Type: Bug > Components: wicket-core >Affects Versions: 9.1.0 >Reporter: Emond Papegaaij >Priority: Major > Attachments: > WICKET-6848-invalidate-session-manager-immediately.patch, WICKET-6848.diff, > wicket6848.zip > > > Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely > related to the changes made with WICKET-6831. We are currently checking if > this has been fixed by the latest changes on master, but I believe this is a > different issue. > From the stacktrace I deduce that the session is invalidated as part of > detach, but as detach is now called after flush, it is no longer possible to > invalidate the HttpSession at this point (you cannot clear the JSESSIONID > cookie). > {code} > 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception > handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: > Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 > after the response was committed (e.g. after HttpServletResponse.sendRedirect > or sendError) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at > org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at > io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at >
[jira] [Updated] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Emond Papegaaij updated WICKET-6848: Attachment: WICKET-6848.diff > Session invalidation fails because response is already committed > > > Key: WICKET-6848 > URL: https://issues.apache.org/jira/browse/WICKET-6848 > Project: Wicket > Issue Type: Bug > Components: wicket-core >Affects Versions: 9.1.0 >Reporter: Emond Papegaaij >Priority: Major > Attachments: WICKET-6848.diff, wicket6848.zip > > > Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely > related to the changes made with WICKET-6831. We are currently checking if > this has been fixed by the latest changes on master, but I believe this is a > different issue. > From the stacktrace I deduce that the session is invalidated as part of > detach, but as detach is now called after flush, it is no longer possible to > invalidate the HttpSession at this point (you cannot clear the JSESSIONID > cookie). > {code} > 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception > handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: > Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 > after the response was committed (e.g. after HttpServletResponse.sendRedirect > or sendError) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at > org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at > io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) > at >
[jira] [Updated] (WICKET-6848) Session invalidation fails because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Emond Papegaaij updated WICKET-6848: Attachment: wicket6848.zip > Session invalidation fails because response is already committed > > > Key: WICKET-6848 > URL: https://issues.apache.org/jira/browse/WICKET-6848 > Project: Wicket > Issue Type: Bug > Components: wicket-core >Affects Versions: 9.1.0 >Reporter: Emond Papegaaij >Priority: Major > Attachments: wicket6848.zip > > > Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely > related to the changes made with WICKET-6831. We are currently checking if > this has been fixed by the latest changes on master, but I believe this is a > different issue. > From the stacktrace I deduce that the session is invalidated as part of > detach, but as detach is now called after flush, it is no longer possible to > invalidate the HttpSession at this point (you cannot clear the JSESSIONID > cookie). > {code} > 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception > handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: > Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 > after the response was committed (e.g. after HttpServletResponse.sendRedirect > or sendError) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292) > at > org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207) > at > deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at > org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at > io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at > io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) > at >