ICEfaces
  1. ICEfaces
  2. ICE-2731

Session already invalidated with seam logout

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.7Beta1
          • Fix Version/s: 1.7RC1, 1.7
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            Seam 2.0.1.GA, JBoss AS 4.2.2.GA

            Description

            calling #{identity.logout} causes an

            java.lang.IllegalStateException: invalidate: Session already invalidated
              at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1107)
              at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:150)
              at com.icesoft.faces.webapp.http.servlet.SessionDispatcher$1.run(SessionDispatcher.java:115)

            NOTE. I have narrowed it down to revision 15530 OK, 15540 broken. Primary suspect is checking 15532 "Delay the release of FacesContext as well. ICE-1909"

              Issue Links

              blocks

              Bug - A problem which impairs or prevents the functions of the product. ICE-2740 Stuck thread after session expiry

              • Major - Major loss of function.
              • Closed

              Bug - A problem which impairs or prevents the functions of the product. ICE-2748 Unable to reload portal page after session expires

              • Major - Major loss of function.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                Mircea Toma added a comment -

                It's safe to ignore the exception in this case. Changed log level to 'Debug'.

                Show
                Mircea Toma added a comment - It's safe to ignore the exception in this case. Changed log level to 'Debug'.
                Hide
                Permalink
                Nicklas Karlsson added a comment -

                Now the exception in the log is gone but the issue remains

                I call identity.logout and my security restrictions moves me to the login page but I see my username pre-populated with the
                identity.username and then I get the "User Session Expired". A refresh fixes the issue and one can move on but the
                functionality is different from DR#3.

                Show
                Nicklas Karlsson added a comment - Now the exception in the log is gone but the issue remains I call identity.logout and my security restrictions moves me to the login page but I see my username pre-populated with the identity.username and then I get the "User Session Expired". A refresh fixes the issue and one can move on but the functionality is different from DR#3.
                Hide
                Permalink
                Nicklas Karlsson added a comment -

                Delay that comment. The exception is still there but looking at the repository dates one can think that it's not yet committed, correct?

                Show
                Nicklas Karlsson added a comment - Delay that comment. The exception is still there but looking at the repository dates one can think that it's not yet committed, correct?
                Hide
                Permalink
                Nicklas Karlsson added a comment -

                Now I think I got the fix. The issue is half fixed, the identity.username is no longer pre-populated but the "User Session Expired" popup still appears.

                Show
                Nicklas Karlsson added a comment - Now I think I got the fix. The issue is half fixed, the identity.username is no longer pre-populated but the "User Session Expired" popup still appears.
                Hide
                Permalink
                Mircea Toma added a comment -

                Yes, this issue is not fixed yet. ICE-1909 fixes just uncovered problems that we didn't realize we had.

                Show
                Mircea Toma added a comment - Yes, this issue is not fixed yet. ICE-1909 fixes just uncovered problems that we didn't realize we had.
                Hide
                Permalink
                Mircea Toma added a comment -

                Delaying session invalidation proved to be a bad choice since JBoss+Catalina reuses session objects and IDs which causes a lot of confusion in applications that have logout processes (invalidate session and immediately initiate new session).
                Instead session is invalidated right after the session bound servers are shut down.
                The change described above broke the fixes for ICE-1909, because session now is invalidated in the middle of the JSF lifecycle. So, the solution was to detect immediately that the JSF lifecycle was interrupted and respond with a 'session-expired' message right away.

                Show
                Mircea Toma added a comment - Delaying session invalidation proved to be a bad choice since JBoss+Catalina reuses session objects and IDs which causes a lot of confusion in applications that have logout processes (invalidate session and immediately initiate new session). Instead session is invalidated right after the session bound servers are shut down. The change described above broke the fixes for ICE-1909 , because session now is invalidated in the middle of the JSF lifecycle. So, the solution was to detect immediately that the JSF lifecycle was interrupted and respond with a 'session-expired' message right away.

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    Nicklas Karlsson
                  • Votes:
                    1 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: