[ICE-2731] Session already invalidated with seam logout - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7Beta1
Fix Version/s: 1.7RC1, 1.7
Component/s: Framework
Labels:
None
Environment:
Seam 2.0.1.GA, JBoss AS 4.2.2.GA

ICEsoft Forum Reference:
http://www.icefaces.org/JForum/posts/list/7172.page

Description

calling #{identity.logout} causes an

java.lang.IllegalStateException: invalidate: Session already invalidated
at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1107)
at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:150)
at com.icesoft.faces.webapp.http.servlet.SessionDispatcher$1.run(SessionDispatcher.java:115)

NOTE. I have narrowed it down to revision 15530 OK, 15540 broken. Primary suspect is checking 15532 "Delay the release of FacesContext as well. ~~ICE-1909~~"

Issue Links

blocks

ICE-2740 Stuck thread after session expiry

Closed

ICE-2748 Unable to reload portal page after session expires

Closed

Activity

Ascending order - Click to sort in descending order

Nicklas Karlsson created issue - 11/Feb/08 5:30 AM

Ken Fyten made changes - 11/Feb/08 10:35 AM

Field	Original Value	New Value
Fix Version/s		1.7 [ 10080 ]
Assignee Priority		P1
Assignee		Mircea Toma [ mircea.toma ]

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#15802	Mon Feb 11 15:04:57 MST 2008	mircea.toma	Change log level. Don't report exception. ~~ICE-2731~~
				Files Changed
				MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/SessionDispatcher.java

Hide

Permalink

Mircea Toma added a comment - 11/Feb/08 4:08 PM

It's safe to ignore the exception in this case. Changed log level to 'Debug'.

Show

Mircea Toma added a comment - 11/Feb/08 4:08 PM It's safe to ignore the exception in this case. Changed log level to 'Debug'.

Mircea Toma made changes - 11/Feb/08 4:08 PM

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Hide

Permalink

Nicklas Karlsson added a comment - 12/Feb/08 1:56 AM

Now the exception in the log is gone but the issue remains

I call identity.logout and my security restrictions moves me to the login page but I see my username pre-populated with the
identity.username and then I get the "User Session Expired". A refresh fixes the issue and one can move on but the
functionality is different from DR#3.

Show

Nicklas Karlsson added a comment - 12/Feb/08 1:56 AM Now the exception in the log is gone but the issue remains I call identity.logout and my security restrictions moves me to the login page but I see my username pre-populated with the identity.username and then I get the "User Session Expired". A refresh fixes the issue and one can move on but the functionality is different from DR#3.

Hide

Permalink

Nicklas Karlsson added a comment - 12/Feb/08 3:25 AM

Delay that comment. The exception is still there but looking at the repository dates one can think that it's not yet committed, correct?

Show

Nicklas Karlsson added a comment - 12/Feb/08 3:25 AM Delay that comment. The exception is still there but looking at the repository dates one can think that it's not yet committed, correct?

Hide

Permalink

Nicklas Karlsson added a comment - 13/Feb/08 12:42 AM

Now I think I got the fix. The issue is half fixed, the identity.username is no longer pre-populated but the "User Session Expired" popup still appears.

Show

Nicklas Karlsson added a comment - 13/Feb/08 12:42 AM Now I think I got the fix. The issue is half fixed, the identity.username is no longer pre-populated but the "User Session Expired" popup still appears.

Hide

Permalink

Mircea Toma added a comment - 13/Feb/08 11:37 AM

Yes, this issue is not fixed yet. ~~ICE-1909~~ fixes just uncovered problems that we didn't realize we had.

Show

Mircea Toma added a comment - 13/Feb/08 11:37 AM Yes, this issue is not fixed yet. ICE-1909 fixes just uncovered problems that we didn't realize we had.

Mircea Toma made changes - 13/Feb/08 11:37 AM

Resolution	Fixed [ 1 ]
Status	Resolved [ 5 ]	Reopened [ 4 ]

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#15808	Thu Feb 14 15:43:04 MST 2008	mircea.toma	Avoid invalidating the session with a delay. Remove dependency on HttpSessionListener to receive notifications. ~~ICE-2731~~
				Files Changed
				ADD /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/SessionExpiredException.java MODIFY /icefaces/trunk/icefaces/bridge/src/connection.async.js MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/portlet/ProxyPortletSession.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ProxyHttpSession.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/SessionDispatcher.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/util/event/servlet/ContextEventRepeater.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/View.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/core/ViewBoundServer.java

Mircea Toma made changes - 14/Feb/08 4:40 PM

Link

This issue blocks ~~ICE-2740~~ [ ~~ICE-2740~~ ]

Hide

Permalink

Mircea Toma added a comment - 14/Feb/08 4:51 PM

Delaying session invalidation proved to be a bad choice since JBoss+Catalina reuses session objects and IDs which causes a lot of confusion in applications that have logout processes (invalidate session and immediately initiate new session).
Instead session is invalidated right after the session bound servers are shut down.
The change described above broke the fixes for ~~ICE-1909~~, because session now is invalidated in the middle of the JSF lifecycle. So, the solution was to detect immediately that the JSF lifecycle was interrupted and respond with a 'session-expired' message right away.

Show

Mircea Toma added a comment - 14/Feb/08 4:51 PM Delaying session invalidation proved to be a bad choice since JBoss+Catalina reuses session objects and IDs which causes a lot of confusion in applications that have logout processes (invalidate session and immediately initiate new session). Instead session is invalidated right after the session bound servers are shut down. The change described above broke the fixes for ICE-1909 , because session now is invalidated in the middle of the JSF lifecycle. So, the solution was to detect immediately that the JSF lifecycle was interrupted and respond with a 'session-expired' message right away.

Mircea Toma made changes - 14/Feb/08 4:51 PM

Status	Reopened [ 4 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Mircea Toma made changes - 27/Feb/08 4:42 PM

Link

This issue blocks ~~ICE-2748~~ [ ~~ICE-2748~~ ]

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#16059	Tue Mar 18 15:40:33 MDT 2008	mircea.toma	Implement different behavior for shutdown sequence for natural session expiration versus forced session invalidation. ~~ICE-2731~~
				Files Changed
				MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/SessionDispatcher.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/InterceptingServletSession.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/portlet/InterceptingPortletSession.java

Ken Fyten made changes - 19/Mar/08 4:42 PM

Fix Version/s		1.7RC1 [ 10123 ]
Fix Version/s	1.7 [ 10080 ]

Ken Fyten made changes - 14/Apr/08 3:37 PM

Fix Version/s

1.7 [ 10080 ]

Ken Fyten made changes - 14/Apr/08 3:38 PM

Status	Resolved [ 5 ]	Closed [ 6 ]
Assignee Priority	P1
Assignee	Mircea Toma [ mircea.toma ]

People

Assignee:

Unassigned

Reporter:

Nicklas Karlsson

Votes:

1 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

11/Feb/08 5:30 AM

Updated:

14/Apr/08 3:38 PM

Resolved:

14/Feb/08 4:51 PM