ICEfaces
  ICE-9690

Running ICEfaces without cookies causes session flooding on Apache Tomcat

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.3
    • Fix Version/s: None
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      Tomcat 7.0.47
      Java 1.7
      ICEfaces Core/Ace 3.3.0
      Apache MyFaces 2.1.10
    • Workaround Exists:
      Yes
    • Workaround Description:
      Implement a servlet filter to catch all resource requests (URL pattern "javax.faces.resource").
      Forcefully attach these requests to one specific session that is managed by the servlet filter.
      This blocks new sessions from being created by "javax.faces.resource" requests when cookies are disabled.

      Description

      Please follow these steps to reproduce the behaviour:
      * Install an ICEfaces application with ace components on Tomcat 7.
      * Use the attribute cookies='false' in the context definition (e.g. in /META-INF/context.xml) to disable cookies and force URL rewriting.
      * Open the Tomcat management application (/manager/html) to view a list of active sessions in the ICEfaces application. It helps to start with an empty session list.
      * Start the application and visit some pages containing ace components.
      * Check the manager application again.

      Expected:
      In single user mode, there should be one active session only.
      Observed:
      Along with the expected "primary" session, a number of additional sessions are spawned on each page visit.

      The expected behaviour can be observed when cookies are enabled (cookies='true' in the context definition).
      Other servlet-containers besides Tomcat may be affected as well (not tested).

      The issue may be related to ICE-2438 (Support for browsers with cookies disabled).

      Current state of analysis:
      The flooding is caused by requests for JSF resources, which contain "javax.faces.resource" as part of their URL.
      These requests do not seem to be affected by URL rewriting and do not contain a session id in the URL.
      As a result, these requests spawn new sessions.
      There may be other types of requests that behave similarly, but so far none have been found.

      Based on this, a workaround described below has been developed.
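
One way to implement the workaround described in this report, as an added example that is not the reporter's or the ICEfaces project's code: a servlet filter that wraps resource requests arriving without a session id so that any session lookup returns a single filter-owned session instead of creating a new one. The class name `ResourceSessionFilter` and the substring match on `/javax.faces.resource/` are assumptions; the API used is `javax.servlet` 3.0 as shipped with Tomcat 7.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: routes cookieless JSF resource requests to one shared session. */
public class ResourceSessionFilter implements Filter {
    // Assumption: resource URLs contain this path segment under any Faces mapping
    private static final String RESOURCE_MARKER = "/javax.faces.resource/";
    private final Object lock = new Object();
    private HttpSession shared; // the single session owned by this filter

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest http = (HttpServletRequest) req;
        boolean resource = http.getRequestURI().contains(RESOURCE_MARKER);
        // Requests that already carry a session id keep their own session
        if (!resource || http.getRequestedSessionId() != null) {
            chain.doFilter(req, res);
            return;
        }
        // Downstream code asking for a session gets the shared one, never a new one
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public HttpSession getSession() { return getSession(true); }
            @Override public HttpSession getSession(boolean create) {
                return sharedSession(http);
            }
        }, res);
    }

    /** Returns the shared session, creating it once and again after it expires. */
    private HttpSession sharedSession(HttpServletRequest http) {
        synchronized (lock) {
            if (shared != null) {
                try {
                    shared.getCreationTime(); // throws once the session is invalidated
                    return shared;
                } catch (IllegalStateException expired) {
                    shared = null;
                }
            }
            shared = http.getSession(true);
            return shared;
        }
    }
}
```

Register the filter in `web.xml` with a `url-pattern` of `/*` so it runs ahead of the Faces servlet. Every client that requests a resource without a session id lands in the same session, so nothing user-specific should be stored in it.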

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Innova Developer
          • Votes:
            0
            Watchers:
            1

            Dates

            • Created:
              Updated: