Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.7.1
-
Fix Version/s: 1.7.2
-
Component/s: Framework
-
Labels:None
-
Environment:any web server
-
Workaround Description:Potentially. This might be mitigated by not navigating to a page that creates a new session when the user logs out.
Description
New in 1.7.1 is the callback into the SessionDispatcher$Listener class when sessions are invalidated. This was intended to help with ICE-3073 and memory leaks with Acegi filter based session invalidation. However this causes a potential deadlock situation in an application where there are session timeouts occuring interspersed with manual session invalidation.
Client has an application where the user is taken to a page that creates a new session when the user logs out. After some time, this newly created session will expire and the SessionDispatcher$Monitor class will attempt to invalidate sessions at the same time as the user is logging out. Using JMeter, the deadlock is easy to reproduce.
Client has an application where the user is taken to a page that creates a new session when the user logs out. After some time, this newly created session will expire and the SessionDispatcher$Monitor class will attempt to invalidate sessions at the same time as the user is logging out. Using JMeter, the deadlock is easy to reproduce.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion