Tapestry 5
  1. Tapestry 5
  2. TAP5-834

BaseOptimizedSessionPersistedObject does not work correctly with Tomcat & Jetty

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 5.1.0.0, 5.1.0.1, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.5, 5.0.18
    • Fix Version/s: 5.2.0
    • Component/s: tapestry-core
    • Labels:
      None

      Description

      OptimizedSessionPersistedObject's suggestion for implementing isSessionPersistedObjectDirty(), as used by BaseOptimizedSessionPersistedObject, does not work correctly with Tomcat & Jetty. (and quite possibly other servlet containers too, but we only use Jetty & Tomcat so have only confirmed it with them)

      OptimizedSessionPersistedObject model relies on the servlet container session object triggering a HttpSessionBindingEvent when an object is re-stored in the session to reset the dirty flag. I've only looked at the source of Tomcat 5.5 and 6 but when an object is replaced in the session using setAttribute() the new object and the existing object are compared by reference only, if they both refer to the same object then no HttpSessionBindingEvent is triggered.

      From Tomcat StandardSession.java:

      // Call the valueBound() method if necessary
      if (notify && value instanceof HttpSessionBindingListener) {
      // Don't call any notification if replacing with the same value
      Object oldValue = attributes.get(name);
      if (value != oldValue) {
      event = new HttpSessionBindingEvent(getSession(), name, value);
      try

      { ((HttpSessionBindingListener) value).valueBound(event); }

      catch (Throwable t)

      { manager.getContainer().getLogger().error (sm.getString("standardSession.bindingEvent"), t); }

      }
      }

      So, using OptimizedSessionPersistedObject, there is currently no way of setting the dirty flag to false after the object has been saved in the session - hence we are propagating all of the SSOs across the cluster all of the time because the dirty flag stays set to true.

      I think there are two possible solutions to this issue - I prefer the first by a large margin, but both modify the SessionImpl.restoreDirtyObjects() method.

      1) Add a new method to OptimizedSessionPersistedObject interface to reset the dirty flag, and a corresponding method in SessionPersistedObjectAnalyzer - implementing them as appropriate, then call the new reset method after setting the session attribute in SessionImpl.restoreDirtyObjects().

      2) Remove the session attribute before adding it in SessionImpl.restoreDirtyObjects(). Although I have a worry that this may potentially cause hard to find concurrency problems.

        Issue Links

          Activity

          Hide
          Andy Blower added a comment -

          As there doesn't appear to be anyone else who's bothered about clustering performance with Tapestry 5, we've implemented solution 1and tested it with our application. I've attached the patch which I hope will make its way into the Tapestry svn repository and thus into next Tapestry 5 release.

          Show
          Andy Blower added a comment - As there doesn't appear to be anyone else who's bothered about clustering performance with Tapestry 5, we've implemented solution 1and tested it with our application. I've attached the patch which I hope will make its way into the Tapestry svn repository and thus into next Tapestry 5 release.
          Hide
          Howard M. Lewis Ship added a comment -

          Chose a simpler, alternate solution, that when the attribute is dirty, we set the attribute to null, then back to the dirty object. This should force the servlet container to trigger the notifications, and it doesn't involve a change to (what I expect to be) a somewhat common interface that much end-user code will implement.

          Show
          Howard M. Lewis Ship added a comment - Chose a simpler, alternate solution, that when the attribute is dirty, we set the attribute to null, then back to the dirty object. This should force the servlet container to trigger the notifications, and it doesn't involve a change to (what I expect to be) a somewhat common interface that much end-user code will implement.
          Hide
          Andy Blower added a comment -

          It looks to me like you've implemented solution 2 from my bug report above. As I said originally, I'm concerned that this will potentially cause hard to find concurrency problems which is why I thought the more complicated solution was a better option. If there are two threads handling requests for the same user session, setting the session attribute to null without synchronisation when one request has finished processing while the other is still being handled could cause problems, couldn't it?

          If you think that this isn't an issue, please could you explain why? Maybe I'm missing something in my analysis here?

          Show
          Andy Blower added a comment - It looks to me like you've implemented solution 2 from my bug report above. As I said originally, I'm concerned that this will potentially cause hard to find concurrency problems which is why I thought the more complicated solution was a better option. If there are two threads handling requests for the same user session, setting the session attribute to null without synchronisation when one request has finished processing while the other is still being handled could cause problems, couldn't it? If you think that this isn't an issue, please could you explain why? Maybe I'm missing something in my analysis here?
          Hide
          Howard M. Lewis Ship added a comment -

          It does conform to Brian Goetz's theory that all web applications are broken.

          My analysis is that event requests are the ones likely to modify server-side state and they redirect to page render requests and asset requests, which do not modify state generally (though the flash persistence type does).

          Even assuming sticky sessions, there's a question about how to manage this concurrency best.

          It may be necessary to but a mutex into the ComponentEventRequestHandler pipeline when there's an active session for the request.

          Show
          Howard M. Lewis Ship added a comment - It does conform to Brian Goetz's theory that all web applications are broken. My analysis is that event requests are the ones likely to modify server-side state and they redirect to page render requests and asset requests, which do not modify state generally (though the flash persistence type does). Even assuming sticky sessions, there's a question about how to manage this concurrency best. It may be necessary to but a mutex into the ComponentEventRequestHandler pipeline when there's an active session for the request.
          Hide
          Andy Blower added a comment -

          It is definitely an edge case, and maybe I'm being over paranoid. As you say solution #1 (implemented in my patch) does change two public interfaces. I don't consider it an issue because it's only adding a single new a method in each case, which for people upgrading to T5.2 would be as simple as generating/writing a method stub that do nothing to keep the same behaviour as T5.1. I could see your point if it changed existing method signatures or something, but I think there were much worse changes required for migrating from 5.0->5.1, and I feel that this is better for T5 than adding synchronization overheads. That's my opinion anyway FWIW.

          Thanks for the response. Never heard of Brian Goetz before though...

          Show
          Andy Blower added a comment - It is definitely an edge case, and maybe I'm being over paranoid. As you say solution #1 (implemented in my patch) does change two public interfaces. I don't consider it an issue because it's only adding a single new a method in each case, which for people upgrading to T5.2 would be as simple as generating/writing a method stub that do nothing to keep the same behaviour as T5.1. I could see your point if it changed existing method signatures or something, but I think there were much worse changes required for migrating from 5.0->5.1, and I feel that this is better for T5 than adding synchronization overheads. That's my opinion anyway FWIW. Thanks for the response. Never heard of Brian Goetz before though...
          Hide
          Josh Canfield added a comment -

          I believe this fix caused TAP5-1355 - Threading issue with SessionStateObjects

          For the fraction of a second that the SSO's session attribute is set to null other requests from the same request are looking up the SSO from the same session and re-creating the SSO because it's null.

          The original problem from the user list (http://tapestry.1045711.n5.nabble.com/Threading-and-SSOs-again-td3276880.html) was regarding securing images. For this use case it's possible that a single page refresh could cause many concurrent requests for the same SSO. Especially if you use domain naming tricks to get around the HTTP request per server limit.

          I used the sample from TAP5-1355 to reproduce the problem, removed the setting of null and could no longer reproduce the problem.

          Show
          Josh Canfield added a comment - I believe this fix caused TAP5-1355 - Threading issue with SessionStateObjects For the fraction of a second that the SSO's session attribute is set to null other requests from the same request are looking up the SSO from the same session and re-creating the SSO because it's null. The original problem from the user list ( http://tapestry.1045711.n5.nabble.com/Threading-and-SSOs-again-td3276880.html ) was regarding securing images. For this use case it's possible that a single page refresh could cause many concurrent requests for the same SSO. Especially if you use domain naming tricks to get around the HTTP request per server limit. I used the sample from TAP5-1355 to reproduce the problem, removed the setting of null and could no longer reproduce the problem.
          Hide
          Josh Canfield added a comment -

          While the reported defect is no longer present, the fix introduced a significant defect in handling concurrent requests for SessionStateObjects.

          Show
          Josh Canfield added a comment - While the reported defect is no longer present, the fix introduced a significant defect in handling concurrent requests for SessionStateObjects.
          Hide
          Josh Canfield added a comment -

          un-reopened... that was dumb we should just track it in the other defect.

          Show
          Josh Canfield added a comment - un-reopened... that was dumb we should just track it in the other defect.

            People

            • Assignee:
              Howard M. Lewis Ship
              Reporter:
              Andy Blower
            • Votes:
              3 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development