Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.12.0, 1.13.0, 1.14.0
Description
When preferDeserializedForm is set to true (default value), session object should not contain serialized byte in the cache. However, the following exception shows that product leaks the serialized bytes.
Jun 02, 2020 3:31:58 PM org.apache.catalina.session.StandardSession setAttribute SEVERE: Session attribute event listener threw exception java.lang.ClassCastException: [B cannot be cast to java.lang.String at org.apache.geode.modules.session.AccessAttributeValueListener.attributeReplaced(AccessAttributeValueListener.java:34) at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1482) at org.apache.geode.modules.session.catalina.DeltaSession.setAttribute(DeltaSession.java:262) at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1385) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:137) at org.apache.geode.modules.session.catalina.DeltaSessionFacade.setAttribute(DeltaSessionFacade.java:49) at org.apache.geode.modules.session.CommandServlet.doGet(CommandServlet.java:64) at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.geode.modules.session.catalina.CommitSessionValve.invoke(CommitSessionValve.java:47) at org.apache.geode.modules.session.catalina.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:45) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)
Please note if preferDeserializedForm is set to false, this issue could still exist, unless HttpSessionBindingEvent.getValue() is not being accessed by the application. Otherwise, user should set preferDeserializedForm to true to avoid this issue.
Attachments
Issue Links
- causes
-
GEODE-10093 DeltaSession getAttribute method logs an NPE and returns unserialized value when called on attribute with null value
- Closed
- links to