Eclipse Community Forums
Session timeout issues [message #1757845] Mon, 20 March 2017 15:07
Urs Beeli
We have deployed our application on a Websphere WAS.

Our users have observed the following behaviour multiple times:

  • in the morning they fire up their browser, access our scout application and log in
  • they can work with the application
  • they let the application "sit" in the browser without using it for some hours (not closing the browser, not closing the tab)
  • some hours later they come back and choose the URL of the scout application from their bookmark
  • they get a session timeout message
  • clicking the "reload" button just leads to the same message again and again
  • closing the browser tab and trying to load the URL again shows the same behaviour
  • starting a different browser (i.e. Firefox instead of Chrome) lets them log in again



Is this something you've seen before? Is this a websphere issue? Or rather something in the Scout code (ours or BSI's)?

On a related note: We have four scout applications running on our Websphere (same hostname but different ports): We modified the Login-box.js to use standard JEE login/logout (j_security_check with j_username and j_password). When a user logs into one of the four applications and then opens the URL for any of the other applications he gets into the application without having to log in (while this is a nice side effect as the product owner wants single sign on, it is not what we would have expected). If we then log out from one application and try to do something in the other application, we get a popup showing an HTTP 500 error, even though we can still start the same application (and login) in another browser.

Could these issues be related?

[Updated on: Mon, 20 March 2017 15:11]


Re: Session timeout issues [message #1757878 is a reply to message #1757845] Tue, 21 March 2017 07:41
Paolo Bazzi
Two pointers to your problems:

- Using the configuration property "scout.max.user.idle.time" you can define how long your (UI) session is kept alive. Default value is 4h.

- We noticed strange login/logout errors if more than one Scout-based application is run within the same application server. In the newest Scout version we added a check to avoid the deployment of more than one Scout application within the same server because this is currently not supported by the Scout framework.

Technical background: We use the java.net.URLConnection to communicate between UI-Server and Backend (ServiceTunnel). To use cookies, we rely on the built-in java.net.CookieHandler. To be able to bind the cookies to a specific Scout session, we added a custom CookieStore implementation (MultiSessionCookieStore). Unfortunately the basic CookieStore implementation by the JRE is a singleton and therefore available only once within the whole JRE. If we have more than one Scout application deployed within the same server, every Scout deployment tries to install its own MultiSessionCookieStore and therefore overrides the MultiSessionCookieStore installed by the previously deployed Scout application. This leads to strange login/logout errors, depending on the web application deployment order.

Workaround: Deploy every Scout application within its own application server instance.

Roadmap: We will try to use an alternative HttpClient for the UI-Server -> Backend Communication in order to remove the dependency on the java.net.URLConnection and java.net.CookieStore in future.

Regards,
Paolo
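
The JVM-wide cookie handler collision described in the post above, as an added example that is not part of the thread and not Scout code. Plain java.net.CookieManager instances stand in for MultiSessionCookieStore; the App class, the host name and the cookie value are constructed for illustration.

```java
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.URI;
import java.util.Collections;

public class CookieHandlerSingletonDemo {
    // Hypothetical stand-in for one deployed application that installs its own cookie handling.
    static final class App {
        final String name;
        final CookieManager cookies = new CookieManager(null, CookiePolicy.ACCEPT_ALL);

        App(String name) { this.name = name; }

        // CookieHandler.setDefault() is system-wide: without the guard, the last caller wins.
        void install(boolean guarded) {
            if (guarded && CookieHandler.getDefault() != null) {
                throw new IllegalStateException(name + ": a CookieHandler is already installed in this JVM");
            }
            CookieHandler.setDefault(cookies);
        }

        int storedCookies() { return cookies.getCookieStore().getCookies().size(); }
    }

    // What the HTTP protocol handler does per response: pass the headers to the system-wide handler.
    static void onResponse(String url, String setCookie) throws Exception {
        CookieHandler.getDefault().put(URI.create(url),
                Collections.singletonMap("Set-Cookie", Collections.singletonList(setCookie)));
    }

    public static void main(String[] args) throws Exception {
        App a = new App("app-a");
        App b = new App("app-b");
        a.install(false);
        b.install(false); // silently replaces app-a's handler

        // Constructed sample response from app-a's backend: it lands in app-b's store.
        onResponse("http://backend-a.example/process", "JSESSIONID=constructed-a; Path=/");
        System.out.println("app-a store: " + a.storedCookies() + ", app-b store: " + b.storedCookies());

        CookieHandler.setDefault(null); // reset, then repeat with the guard enabled
        a.install(true);
        try {
            b.install(true);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The guarded variant fails fast at startup instead of letting session cookies of one application end up in another application's store.
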

Re: Session timeout issues [message #1757882 is a reply to message #1757878] Tue, 21 March 2017 08:39
Urs Beeli
Hi Paolo

Thanks for your input regarding scout.max.user.idle.time. In our web.xml files there is also the following part:

  <session-config>
    <!-- Session timeout in minutes -->
    <session-timeout>5</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
    </cookie-config>
  </session-config>


So how do scout.max.user.idle.time and the session-timeout in web.xml interact? Do they need to be in sync? Or does one override the other?

Websphere offers the possibility to have different clusters on the same Websphere installation and each cluster can have several independent servers onto which you can deploy your applications. Each of those servers runs its own JVM. Deploying more than one WAR file into such a server, they both run in the same JVM, though.

Our setup is as follows:

Websphere installation:
+ Cluster for Application A
    + 2 Servers for Application A, each with their own JVM
       + application-A-server.war
       + application-A-ui.war
+ Cluster for Application B
    + 2 Servers for Application B, each with their own JVM
       + application-B-server.war
       + application-B-ui.war
+ Cluster for Application C
    + 2 Servers for Application C, each with their own JVM
       + application-C-server.war
       + application-C-ui.war
+ Cluster for Application D
    + 2 Servers for Application D, each with their own JVM
       + application-D-server.war
       + application-D-ui.war


So while all these applications have the same hostname in their URL, they each have a port of their own and their two WAR files have a JVM of their own. So I don't see how a singleton from application A's JVM can be in conflict with the singleton of application B's JVM.

[Updated on: Tue, 21 March 2017 08:40]


Re: Session timeout issues [message #1757890 is a reply to message #1757882] Tue, 21 March 2017 11:30
Beat Schwarzentrub
The session-timeout specified in the web.xml is the HTTP session timeout managed by the web container. When no resources of the application are touched for the specified time, the HTTP session is invalidated by the container.

Because the Scout UI regularly polls for asynchronous events on the server (json?poll requests), the HTTP session is touched on each poll request and would never expire. Therefore, Scout checks internally if a request is a "real" user request or just a poll request. If no user request happened for scout.max.user.idle.time, the HTTP session is invalidated by Scout.

Regarding the timeout issue:

Having a separate JVM for each application should indeed not cause any trouble related to the singleton CookieManager.

The behavior you describe sounds really strange. If the browser is closed, all session cookies and the session storage should be cleared. Are you having the same issue when you open the browser in "incognito mode"? Are you able to debug the UI server? If yes, try setting a breakpoint at org.eclipse.scout.rt.ui.html.json.JsonRequestHelper.createSessionTimeoutResponse() to find the cause of the repeated timeout messages. Unfortunately, we don't have a lot of experience with Websphere WAS, but we did not hear about such an issue yet. Maybe there is another network component involved that caches user cookies?

Regards,
Beat

Re: Session timeout issues [message #1757897 is a reply to message #1757882] Tue, 21 March 2017 13:31
Paolo Bazzi
Hi Urs

Urs Beeli wrote on Tue, 21 March 2017 08:39

Websphere installation:
+ Cluster for Application A
    + 2 Servers for Application A, each with their own JVM
       + application-A-server.war
       + application-A-ui.war
+ Cluster for Application B
    + 2 Servers for Application B, each with their own JVM
       + application-B-server.war
       + application-B-ui.war
+ Cluster for Application C
    + 2 Servers for Application C, each with their own JVM
       + application-C-server.war
       + application-C-ui.war
+ Cluster for Application D
    + 2 Servers for Application D, each with their own JVM
       + application-D-server.war
       + application-D-ui.war



What about the URLs for the four applications? How is the setup? Do the applications share the same URL and only have a different port or do the applications have their own context path (e.g. example.org:8001/application-a)?

Regards,
Paolo

Re: Session timeout issues [message #1757959 is a reply to message #1757897] Wed, 22 March 2017 10:31
Urs Beeli
Hi Paolo

Here are two examples of our application URLs:
http://wasd85cisia1.sbb.ch:31602/cisi/angebot_client_1720/
http://wasd85cisia1.sbb.ch:31802/cisi/betrieb_client_1720/

Re: Session timeout issues [message #1758913 is a reply to message #1757959] Tue, 04 April 2017 14:21
Urs Beeli
Ok, we're trying to work through the above input.

Trying to set scout.max.user.idle.time to 4 hours using the following
scout.max.user.idle.time=4h


Results in an exception:
[2017-04-04 15:58:27,343] [Thread-151] ERROR org.eclipse.scout.rt.platform.internal.PlatformImplementor start - reqid=27662479976445185  Error during platform startup
org.eclipse.scout.rt.platform.exception.PlatformException: Cannot start platform due to 1 invalid config properties: [scout.max.user.idle.time]
	at org.eclipse.scout.rt.platform.internal.PlatformImplementor.validateConfiguration(PlatformImplementor.java:197)
	at org.eclipse.scout.rt.platform.internal.PlatformImplementor.start(PlatformImplementor.java:138)
	at org.eclipse.scout.rt.platform.internal.PlatformStarter.run(PlatformStarter.java:32)


What format does this value expect? A number without units? If so, what unit is assumed? Seconds? Minutes? Hours?

Re: Session timeout issues [message #1758917 is a reply to message #1758913] Tue, 04 April 2017 15:03
Paolo Bazzi
Urs Beeli wrote on Tue, 04 April 2017 14:21
Ok, we're trying to work through the above input.

Trying to set scout.max.user.idle.time to 4 hours using the following
scout.max.user.idle.time=4h


Results in an exception:
[2017-04-04 15:58:27,343] [Thread-151] ERROR org.eclipse.scout.rt.platform.internal.PlatformImplementor start - reqid=27662479976445185  Error during platform startup
org.eclipse.scout.rt.platform.exception.PlatformException: Cannot start platform due to 1 invalid config properties: [scout.max.user.idle.time]
	at org.eclipse.scout.rt.platform.internal.PlatformImplementor.validateConfiguration(PlatformImplementor.java:197)
	at org.eclipse.scout.rt.platform.internal.PlatformImplementor.start(PlatformImplementor.java:138)
	at org.eclipse.scout.rt.platform.internal.PlatformStarter.run(PlatformStarter.java:32)


What format does this value expect? A number without units? If so, what unit is assumed? Seconds? Minutes? Hours?


The value is expected in seconds without any unit.

Example: scout.max.user.idle.time=86400 means 24h

I'll add a comment on the MaxUserIdleTimeProperty class.

Regards,
Paolo
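
How the two timeouts discussed in this thread interact (the container's session-timeout in minutes, touched by every request including json?poll, and scout.max.user.idle.time in seconds, counted from the last real user request), as an added simulation that is not part of the thread and not Scout's implementation. The poll interval, class and method names are assumptions.

```java
public class IdleTimeoutDemo {
    // web.xml <session-timeout> is given in minutes, scout.max.user.idle.time in seconds.
    static final long CONTAINER_TIMEOUT_S = 5 * 60; // <session-timeout>5</session-timeout>
    static final long MAX_USER_IDLE_S = 14_400;     // 4 h, the default mentioned in the thread
    static final long POLL_INTERVAL_S = 60;         // assumption made for this simulation

    /**
     * The user's last real request is at t = 0. Returns the second at which the HTTP
     * session is invalidated, or -1 if it is still alive at the end of the horizon.
     */
    static long invalidatedAt(boolean tabPolls, boolean userIdleCheck, long horizonS) {
        long lastAccess = 0;      // touched by every request; the container's view
        long lastUserRequest = 0; // touched by real user requests only
        for (long t = 1; t <= horizonS; t++) {
            if (t - lastAccess >= CONTAINER_TIMEOUT_S) {
                return t; // container timeout: nothing touched the session in time
            }
            if (tabPolls && t % POLL_INTERVAL_S == 0) {
                if (userIdleCheck && t - lastUserRequest >= MAX_USER_IDLE_S) {
                    return t; // application-level idle timeout, evaluated on a poll request
                }
                lastAccess = t; // the poll request touches the HTTP session
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        long day = 24 * 60 * 60;
        System.out.println("tab closed, no polling:       " + invalidatedAt(false, false, day));
        System.out.println("tab open, container only:     " + invalidatedAt(true, false, day));
        System.out.println("tab open, user idle check on: " + invalidatedAt(true, true, day));
    }
}
```

With an open tab the container timeout alone never ends the session, so the user idle limit is the value that actually bounds how long an unattended, authenticated browser stays logged in.
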

Re: Session timeout issues [message #1759282 is a reply to message #1758917] Mon, 10 April 2017 06:47
Urs Beeli
Thanks, that seems to be working now!