ICEfaces
  1. ICEfaces
  2. ICE-2731

Session already invalidated with seam logout

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.7Beta1
    • Fix Version/s: 1.7RC1, 1.7
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      Seam 2.0.1.GA, JBoss AS 4.2.2.GA

      Description

      calling #{identity.logout} causes an

      java.lang.IllegalStateException: invalidate: Session already invalidated
        at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1107)
        at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:150)
        at com.icesoft.faces.webapp.http.servlet.SessionDispatcher$1.run(SessionDispatcher.java:115)

      NOTE. I have narrowed it down to revision 15530 OK, 15540 broken. Primary suspect is checking 15532 "Delay the release of FacesContext as well. ICE-1909"

        Issue Links

          Activity

          Hide
          Mircea Toma added a comment -

          It's safe to ignore the exception in this case. Changed log level to 'Debug'.

          Show
          Mircea Toma added a comment - It's safe to ignore the exception in this case. Changed log level to 'Debug'.
          Hide
          Nicklas Karlsson added a comment -

          Now the exception in the log is gone but the issue remains

          I call identity.logout and my security restrictions moves me to the login page but I see my username pre-populated with the
          identity.username and then I get the "User Session Expired". A refresh fixes the issue and one can move on but the
          functionality is different from DR#3.

          Show
          Nicklas Karlsson added a comment - Now the exception in the log is gone but the issue remains I call identity.logout and my security restrictions moves me to the login page but I see my username pre-populated with the identity.username and then I get the "User Session Expired". A refresh fixes the issue and one can move on but the functionality is different from DR#3.
          Hide
          Nicklas Karlsson added a comment -

          Delay that comment. The exception is still there but looking at the repository dates one can think that it's not yet committed, correct?

          Show
          Nicklas Karlsson added a comment - Delay that comment. The exception is still there but looking at the repository dates one can think that it's not yet committed, correct?
          Hide
          Nicklas Karlsson added a comment -

          Now I think I got the fix. The issue is half fixed, the identity.username is no longer pre-populated but the "User Session Expired" popup still appears.

          Show
          Nicklas Karlsson added a comment - Now I think I got the fix. The issue is half fixed, the identity.username is no longer pre-populated but the "User Session Expired" popup still appears.
          Hide
          Mircea Toma added a comment -

          Yes, this issue is not fixed yet. ICE-1909 fixes just uncovered problems that we didn't realize we had.

          Show
          Mircea Toma added a comment - Yes, this issue is not fixed yet. ICE-1909 fixes just uncovered problems that we didn't realize we had.
          Hide
          Mircea Toma added a comment -

          Delaying session invalidation proved to be a bad choice since JBoss+Catalina reuses session objects and IDs which causes a lot of confusion in applications that have logout processes (invalidate session and immediately initiate new session).
          Instead session is invalidated right after the session bound servers are shut down.
          The change described above broke the fixes for ICE-1909, because session now is invalidated in the middle of the JSF lifecycle. So, the solution was to detect immediately that the JSF lifecycle was interrupted and respond with a 'session-expired' message right away.

          Show
          Mircea Toma added a comment - Delaying session invalidation proved to be a bad choice since JBoss+Catalina reuses session objects and IDs which causes a lot of confusion in applications that have logout processes (invalidate session and immediately initiate new session). Instead session is invalidated right after the session bound servers are shut down. The change described above broke the fixes for ICE-1909 , because session now is invalidated in the middle of the JSF lifecycle. So, the solution was to detect immediately that the JSF lifecycle was interrupted and respond with a 'session-expired' message right away.

            People

            • Assignee:
              Unassigned
              Reporter:
              Nicklas Karlsson
            • Votes:
              1 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: