CDV ❯ Session timeout issue with setMaxInactiveInterval() and already-active sessions
-
Bug
-
Status: Resolved
-
2 Major
-
Resolution: Won't Fix
-
Sessions
-
-
teck
-
Reporter: sbelden
-
February 29, 2008
-
0
-
Watchers: 2
-
September 06, 2013
-
September 06, 2013
Attachments
Description
Programatically setting the session timeout value to a value shorter than the idle time since the _last_ request throws an IllegalStateException.
How to reproduce this issue consistently: * Make a request to the server. Set the session timeout on the new session to 60 minutes. * Sit idle for 31 minutes. * Make another request to the server. In the request, set the session timeout to 30 minutes via setMaxInactiveInterval() * In that same request, try and access the session (e.g. call session.getAttribute(), or any other method that calls isValid()) * Terracotta throws a “java.lang.IllegalStateException: This session is invalid” exception.
I think this is a bug, as the above scenario works fine on vanilla Tomcat 6 and WebSphere 6.1. If I attach a debugger to Tomcat, I can see that the idle time in the SessionData obj is indeed greater than the max allowed idle time.
I know tomcat 6 isn’t officially supported, but I’m hoping you guys have an install of 5.5 or something where you can verify this. ;)
One workaround is to invalidate the session before setting the timeout lower, but that is really not desirable in many cases. The other workaround obviously being “don’t do this.”
Comments
Fiona OShea 2008-02-29
Hung Huynh 2008-02-29
reproducible, testcase added testResetTimeoutToLowerValue() in SessionConfigTest
Tim Eck 2008-02-29
This is confirmed broken and will be fixed. Question though – did you actually run into this issue in practice or is it just something you discovered on a whim? Just trying to characterize the priority on this one
Stu Belden 2008-02-29
This is affecting some of users in production currently, so it’s a pretty high priority for us. I can work around the issue by removing the offending call to setMaxInactiveInterval() in the mean time.
Hung Huynh 2008-03-25
the test case has been moved to SessionTimeoutTest
Stu Belden 2008-11-11
Here’s a possible fix for this issue. It changes the behavior of the Session so that idle timeouts are evaluated at the start of the request and via the background session invalidator thread.
SessionTimeoutTest is patched to enable the testResetTimeoutToLowerValue() test. TerracottaSessionManager is patched to call the new method in the SessionData object that does the real idle timeout check. SessionData is patched as described above. A new valid flag is checked for most session access operations, instead of recomputing the idle timeout each time. This behavior is largely inspired by Tomcat session behavior.
Session timeout tests pass and the entire test suite is running on my laptop at the moment. Patches were developed against svn trunk. Any feedback or criticism is welcome.
Stu Belden 2008-11-12
FWIW, it looks like this breaks several other tests: I don’t have time at the moment to look at them but will try and make time at some point.
Alex Miller 2009-01-26
Tim, can you evaluate the patch and tests?
Alex Miller 2009-01-26
Are we still supporting Terracotta 2.5.x at all? Is this a customer with support?
Fiona OShea 2009-01-27
I would say no to 2.5 and 2.6. I think this may be a community member. He is working against trunk. We can definitely only do this for 2.7 and trunk.
Fiona OShea 2009-02-20
Is this already resolved?
Tim Eck 2009-02-20
I’ve never really looked at this to decide if it is broken, but assuming it is broken I don’t think it is fixed
Hung can you confirm that his happens? On Suse I know we don’t support CentOS