Wicket
  1. Wicket
  2. WICKET-5164

PageStoreManager.SessionEntry keeps outdated sessionId when container changes sessionId

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.7.0, 7.0.0-M1
    • Fix Version/s: 6.10.0, 7.0.0-M1
    • Component/s: wicket
    • Labels:
      None

      Description

      PageStoreManager keeps the initial sessionId for each SessionEntry.
      If the container changes the sessionId later (e.g. Tomcat's "Session Fixation Protection"), all pages continue to be stored under the the initial sessionId. This is necessary to be able to access old pages even after a change to the sessionId.

      However PageStoreManager#sessionExpired(String) passes the current sessionId to the PageStore. If it is not longer equal the original sessionId, the PageStore will fail to remove the stored pages for the session.

        Issue Links

          Activity

          Hide
          Sven Meier added a comment -

          PageStoreManger.SessionEntry now implements HttpSessionBindingListener to pass the correct identifier to the PageStore.

          This breaks somewhat the abstraction of IPageManagerContext . But I didn't find another solution to access the initial sessionId which is used for all access to PageStore.

          Show
          Sven Meier added a comment - PageStoreManger.SessionEntry now implements HttpSessionBindingListener to pass the correct identifier to the PageStore. This breaks somewhat the abstraction of IPageManagerContext . But I didn't find another solution to access the initial sessionId which is used for all access to PageStore.
          Hide
          Martin Grigorov added a comment - - edited

          I just got:

          2013-07-11 14:48:54.278:WARN:oejuc.AbstractLifeCycle:Thread-2: FAILED org.eclipse.jetty.maven.plugin.JettyServer@16bd02f6: java.lang.NullPointerException
          java.lang.NullPointerException
          at org.apache.wicket.page.PageStoreManager$SessionEntry.valueUnbound(PageStoreManager.java:303)
          at org.eclipse.jetty.server.session.AbstractSession.unbindValue(AbstractSession.java:581)
          at org.eclipse.jetty.server.session.AbstractSession.clearAttributes(AbstractSession.java:413)
          at org.eclipse.jetty.server.session.AbstractSession.doInvalidate(AbstractSession.java:380)
          at org.eclipse.jetty.server.session.HashedSession.doInvalidate(HashedSession.java:90)
          at org.eclipse.jetty.server.session.AbstractSession.invalidate(AbstractSession.java:370)
          at org.eclipse.jetty.server.session.HashSessionManager.invalidateSessions(HashSessionManager.java:411)
          at org.eclipse.jetty.server.session.AbstractSessionManager.doStop(AbstractSessionManager.java:274)
          at org.eclipse.jetty.server.session.HashSessionManager.doStop(HashSessionManager.java:139)

          while stopping Jetty9.

          org.apache.wicket.page.PageStoreManager.SessionEntry#getPageStore() returns null.

          Show
          Martin Grigorov added a comment - - edited I just got: 2013-07-11 14:48:54.278:WARN:oejuc.AbstractLifeCycle:Thread-2: FAILED org.eclipse.jetty.maven.plugin.JettyServer@16bd02f6: java.lang.NullPointerException java.lang.NullPointerException at org.apache.wicket.page.PageStoreManager$SessionEntry.valueUnbound(PageStoreManager.java:303) at org.eclipse.jetty.server.session.AbstractSession.unbindValue(AbstractSession.java:581) at org.eclipse.jetty.server.session.AbstractSession.clearAttributes(AbstractSession.java:413) at org.eclipse.jetty.server.session.AbstractSession.doInvalidate(AbstractSession.java:380) at org.eclipse.jetty.server.session.HashedSession.doInvalidate(HashedSession.java:90) at org.eclipse.jetty.server.session.AbstractSession.invalidate(AbstractSession.java:370) at org.eclipse.jetty.server.session.HashSessionManager.invalidateSessions(HashSessionManager.java:411) at org.eclipse.jetty.server.session.AbstractSessionManager.doStop(AbstractSessionManager.java:274) at org.eclipse.jetty.server.session.HashSessionManager.doStop(HashSessionManager.java:139) while stopping Jetty9. org.apache.wicket.page.PageStoreManager.SessionEntry#getPageStore() returns null.
          Hide
          Sven Meier added a comment -

          It seems Jetty9 destroys the filter/application before unbinding the session values, strange.

          Show
          Sven Meier added a comment - It seems Jetty9 destroys the filter/application before unbinding the session values, strange.
          Hide
          Sven Meier added a comment -

          now checks whether pageStore is destroyed already

          Show
          Sven Meier added a comment - now checks whether pageStore is destroyed already

            People

            • Assignee:
              Sven Meier
              Reporter:
              Sven Meier
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development