https://issues.apache.org/jira/browse/WICKET-5380
On Mon, Sep 30, 2013 at 12:32 PM, Martin Grigorov <mgrigo...@apache.org>wrote:
> Applying only the first change that I suggested works on all - Jetty 8,
> Tomcat 7 and Glassfish 4.
>
> I've used:
> WebRequest webRequest = (WebRequest) RequestCycle.get().getRequest();
> HttpServletRequest httpRequest =
> (HttpServletRequest)webRequest.getContainerRequest();
> httpRequest.getSession().setMaxInactiveInterval(10);
>
> and the session expires according to the web container's configurations.
> Jetty's Scavenger thread runs every 30 secs by default, so the session is
> invalidated between 1-30 secs after its expiration time.
> Tomcat and GF seems to do this every 60 secs by default.
>
> I'll create a ticket and commit the change.
>
>
> On Mon, Sep 30, 2013 at 11:55 AM, Martin Grigorov <mgrigo...@apache.org>wrote:
>
>> Tomcat 7.x makes identity check:
>>
>> org.apache.catalina.session.StandardSession#setAttribute
>> // Call the valueUnbound() method if necessary
>> if (notify && (unbound != null) && (unbound != value) &&
>> (unbound instanceof HttpSessionBindingListener)) {
>>
>>
>> On Mon, Sep 30, 2013 at 11:49 AM, Martin Grigorov
>> <mgrigo...@apache.org>wrote:
>>
>>> Jetty 8.1.13 checks for equality of the old and the new values:
>>> org.eclipse.jetty.server.session.AbstractSession#setAttribute
>>> public void setAttribute(String name, Object value)
>>> {
>>> Object old=null;
>>> synchronized (this)
>>> {
>>> checkValid();
>>> old=doPutOrRemove(name,value);
>>> }
>>>
>>> if (value==null || !value.equals(old)) // <<<<<
>>> {
>>> if (old!=null)
>>> unbindValue(name,old);
>>>
>>> Since SessionEntry doesn't override #equals() the check is by reference.
>>> Thus no notification.
>>>
>>>
>>>
>>> On Mon, Sep 30, 2013 at 11:32 AM, Martin Grigorov
>>> <mgrigo...@apache.org>wrote:
>>>
>>>> I'll test this and let you know.
>>>>
>>>>
>>>> On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <p...@bors.ws> wrote:
>>>>
>>>>> Sorry for the delay, it's the weekend :)
>>>>>
>>>>> In our webapp we let the system administrator control the user session
>>>>> timeout which we set it via the Login page as:
>>>>> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
>>>>> HttpServletRequest httpRequest =
>>>>> (HttpServletRequest)webRequest.getContainerRequest();
>>>>> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>>>>>
>>>>> I set the session duration to 1 min and tried it with the new
>>>>> implementation for the getSessionEntry(), waited for a good 2-3 mins and
>>>>> the session is never invalidated any longer as if it's no longer touched.
>>>>> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
>>>>> explicitly through the Logout button which calls
>>>>> o.a.w.protocol.http.WebSession.get().invalidateNow();
>>>>>
>>>>> This is what makes me think that going off the HttpSessionListener
>>>>> might be better.
>>>>>
>>>>> ~ Thank you,
>>>>> Paul Bors
>>>>>
>>>>> -----Original Message-----
>>>>> From: Martin Grigorov [mailto:mgrigo...@apache.org]
>>>>> Sent: Saturday, September 28, 2013 3:44 AM
>>>>> To: users@wicket.apache.org
>>>>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> (GlassFish v3 and v4)
>>>>>
>>>>> I think both suggestions should be applied.
>>>>> The intentions are more clear, IMO.
>>>>>
>>>>> But let's wait Paul to explain what problem he faced. I don't expect
>>>>> problems with session timeouts because this is managed by the web
>>>>> container. If there is request then the session is touched. If the session
>>>>> is not touched for some predefined time then the web container invalidates
>>>>> it automatically.
>>>>>
>>>>>
>>>>> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <s...@meiers.net> wrote:
>>>>>
>>>>> > Martin's explanation fits the reported stacktrace nicely.
>>>>> >
>>>>> > We should definitely change getSessionEntry() as proposed. I don't
>>>>> see
>>>>> > an advantage in using an HttpSessionListener though.
>>>>> >
>>>>> > @Paul: What is broken now?
>>>>> >
>>>>> > Sven
>>>>> >
>>>>> >
>>>>> > On 09/28/2013 12:15 AM, Paul Bors wrote:
>>>>> >
>>>>> >> I take that back, the new implementation breaks the session timeout.
>>>>> >>
>>>>> >> ~ Thank you,
>>>>> >> Paul Bors
>>>>> >>
>>>>> >> -----Original Message-----
>>>>> >> From: Paul Bors [mailto:p...@bors.ws]
>>>>> >> Sent: Friday, September 27, 2013 5:51 PM
>>>>> >> To: users@wicket.apache.org
>>>>> >> Cc: d...@wicket.apache.org
>>>>> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> >> (GlassFish
>>>>> >> v3 and v4)
>>>>> >>
>>>>> >> I tested with the proposed o.a.w.p.PageStoreManager.**
>>>>> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
>>>>> >> it's working fine in GlassFish v3.1.2.2
>>>>> >>
>>>>> >> I'll withdraw my GLASSFISH-20828 bug.
>>>>> >>
>>>>> >> Should I open a new Wicket ticket instead?
>>>>> >>
>>>>> >> I do think the second suggestion of using HttpSessionListener
>>>>> instead
>>>>> >> is cleaner.
>>>>> >>
>>>>> >> ~ Thank you,
>>>>> >> Paul Bors
>>>>> >>
>>>>> >> -----Original Message-----
>>>>> >> From: Martin Grigorov [mailto:mgrigo...@apache.org]
>>>>> >> Sent: Friday, September 27, 2013 4:09 PM
>>>>> >> To: users@wicket.apache.org
>>>>> >> Cc: d...@wicket.apache.org
>>>>> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> >> (GlassFish
>>>>> >> v3 and v4)
>>>>> >>
>>>>> >> Reading your ticket against GF I think GF behaves correctly. But I
>>>>> >> wonder why Tomcat/Jetty don't do this.
>>>>> >>
>>>>> >> So here is what happens:
>>>>> >>
>>>>> >>
>>>>> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
>>>>> >> **
>>>>> >> getSessionEntry
>>>>> >> looks like :
>>>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>>> >> if (entry == null && create)
>>>>> >> {
>>>>> >> bind();
>>>>> >> entry = new SessionEntry(applicationName, getSessionId()); } if
>>>>> >> (entry != null) { synchronized (entry) {
>>>>> >> setSessionAttribute(**getAttributeName(),
>>>>> >> entry); } } return entry; }
>>>>> >>
>>>>> >> I think the correct code should be:
>>>>> >>
>>>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>>> >> if (entry == null && create)
>>>>> >> {
>>>>> >> bind();
>>>>> >> entry = new SessionEntry(applicationName, getSessionId());
>>>>> >> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>>>>> >> I.e. set the SessionEntry as an attribute in the http session only
>>>>> >> when it is created.
>>>>> >>
>>>>> >> Because with the current code we call
>>>>> >> "setSessionAttribute(**getAttributeName(), entry);" even with
>>>>> already
>>>>> >> existing entries and this leads to notifications to
>>>>> >> HttpSessionBindingListener - new value is bound, old value is
>>>>> removed.
>>>>> >>
>>>>> >> I guess Tomcat and Jetty optimize this by doing identity check.
>>>>> >>
>>>>> >> Another solution would be SessionEntry to implement
>>>>> >> HttpSessionListener instead and check the sessionId of the unbound
>>>>> >> session against its own one and clean the data store if they are
>>>>> equal.
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <p...@bors.ws> wrote:
>>>>> >>
>>>>> >> Created
>>>>> >> https://java.net/jira/browse/**GLASSFISH-20828<
>>>>> https://java.net/jira/
>>>>> >> browse/GLASSFISH-20828>
>>>>> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
>>>>> >>> after
>>>>> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>>>> >>>
>>>>> >>> Let's see what becomes of this...
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> -----
>>>>> >>> ~ Thank you,
>>>>> >>> p...@bors.ws
>>>>> >>> --
>>>>> >>> View this message in context:
>>>>> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>>>> >>> Expired-excep<
>>>>> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>>>>> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>>>>> >>> Sent from the Users forum mailing list archive at Nabble.com.
>>>>> >>>
>>>>> >>> ------------------------------**------------------------------**
>>>>> >>> ---------
>>>>> >>> To unsubscribe, e-mail:
>>>>> >>> users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apach
>>>>> >>> e.org> For additional commands, e-mail:
>>>>> users-h...@wicket.apache.org
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> ------------------------------**------------------------------**-----
>>>>> >> ---- To unsubscribe, e-mail:
>>>>> >> users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apache
>>>>> >> .org> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>> ------------------------------**------------------------------**------
>>>>> > --- To unsubscribe, e-mail:
>>>>> > users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apache.
>>>>> > org> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>
>>
>
