Re: [jetty-dev] session invalidation for multiple requests on the same session

Rajiv,

In the first instance, you should trace through the logs yourselves to follow the lifecycle of a session: see where it is being created, where it is being used on a request, and where it is being invalidated. The latter will only happen if the session is being expired by jetty (because its configured inactive interval has passed) or your application code (or some library you use) explicitly calls invalidate.

Jan

On Thu, 16 May 2019 at 09:37, rajiv jain <er.rajeevjain@xxxxxxxxx> wrote:
Hi Jan,

Thanks for your reply.

I have enabled the logs you mentioned. We are adding sessionid in response.

Shall I provide any logs which may give any insight?

Regards..

On Thu, May 16, 2019, 12:48 PM Jan Bartel <janb@xxxxxxxxxxx> wrote:
Rajiv,

You need to use a tool like ethereal or some other tool that allows you to see the http dialog from client to server. Look at the headers being transmitted - do they contain valid values? You can also look at this dialog to help diagnose your session issues - see where the client sends the JSESSION_ID and how the server responds, particularly where the JSESSIONID cookie is being set. Cross correlate that with full DEBUG on your org.eclipse.jetty.server.session logging.

regards
Jan

On Thu, 16 May 2019 at 07:28, rajiv jain <er.rajeevjain@xxxxxxxxx> wrote:
more errors 

05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.session:qtp1068934215-3598: SessionHandler.doScope
05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.CookieCutter:qtp1068934215-3598: 
java.lang.IllegalArgumentException: Cookie name "HttpOnly;$Path" is a reserved token
at javax.servlet.http.Cookie.<init>(Cookie.java:192)
at org.eclipse.jetty.server.CookieCutter.parseFields(CookieCutter.java:265)
at org.eclipse.jetty.server.CookieCutter.getCookies(CookieCutter.java:68)
at org.eclipse.jetty.server.Request.getCookies(Request.java:784)
at org.eclipse.jetty.server.session.SessionHandler.checkRequestedSessionId(SessionHandler.java:1731)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1649)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:505)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)



On Thu, May 16, 2019 at 10:37 AM rajiv jain <er.rajeevjain@xxxxxxxxx> wrote:
Hi,

Another blocker.
Earlier it worked by keeping the secure and httponly flags as false under cookie-config in web.xml.
After marking them as true it stopped working again. Stopped working means, for concurrent requests, sessions are being invalidated.

Also I am getting ClosedChannelException very frequently, as below

java.nio.channels.ClosedChannelException
at org.eclipse.jetty.io.FillInterest.onClose(FillInterest.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.onClose(AbstractEndPoint.java:354)
at org.eclipse.jetty.io.ChannelEndPoint.onClose(ChannelEndPoint.java:215)
at org.eclipse.jetty.io.AbstractEndPoint.doOnClose(AbstractEndPoint.java:225)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:192)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:175)

Kindly let me know in case you need any other details.

Regards..!

On Tue, May 14, 2019 at 4:38 PM rajiv jain <er.rajeevjain@xxxxxxxxx> wrote:
Cool, after enabling the logs, I got the issue. It was failing since I had wrongly configured the sessioncache and sessiondatastore instances.
Thank you very much you all..! Awesome.

On Tue, May 14, 2019 at 4:28 PM Jan Bartel <janb@xxxxxxxxxxx> wrote:
Can you please enable debug for org.eclipse.jetty.server.session and post some log fragments showing the problem, plus all your configuration code for sessions.

Jan

On Tue., 14 May 2019, 10:10 rajiv jain, <er.rajeevjain@xxxxxxxxx> wrote:
Thanks for the reply.
Sure, I will provide further information. Yes, we have authentication implemented with loginservice.
These multiple requests are from the same client for a given session, post authentication.

On Tue, May 14, 2019 at 1:31 PM Greg Wilkins <gregw@xxxxxxxxxxx> wrote:
We need a lot more information than you have provided to help diagnose. What are the multiple requests? Are they all authenticated? When does auth happen? How?

On Tue., 14 May 2019, 09:10 rajiv jain, <er.rajeevjain@xxxxxxxxx> wrote:
Hi,

We have recently upgraded Jetty from 6.1.2 to 9.4.12. We are using embedded jetty in our product.

I have configured sansessionHandler with 'secure' and httpOnly flag set to false under CookieConfig. Additionally, I configured DefaultSessionCache with NullSessionDataStore to persist sessions in-memory. 

Still we are realizing session invalidated for subsequent requests on the same session.
Please help with your expert recommendations on this.

Regards,
Rajiv Jain
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-dev


--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
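
Added example (not part of the thread, and not code from the Jetty project or the posters): one way to follow the session lifecycle as Jan suggests, using the in-memory DefaultSessionCache/NullSessionDataStore setup and the Secure/HttpOnly cookie flags from the original post, plus an HttpSessionListener whose stack trace shows whether a destroy came from application code calling invalidate or from Jetty's own expiry. The class names, port and timeout are assumptions, and it targets the Jetty 9.4 API.

```java
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.session.DefaultSessionCache;
import org.eclipse.jetty.server.session.NullSessionDataStore;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;

// Hypothetical class name; illustrative embedded-Jetty 9.4 setup.
public class SessionLifecycleTrace {

    static class TraceListener implements HttpSessionListener {
        @Override
        public void sessionCreated(HttpSessionEvent e) {
            System.err.printf("session created id=%s thread=%s%n",
                    e.getSession().getId(), Thread.currentThread().getName());
        }

        @Override
        public void sessionDestroyed(HttpSessionEvent e) {
            // The stack shows who triggered the destroy: an application frame
            // calling invalidate(), or Jetty's inactivity/expiry handling.
            new Throwable("session destroyed id=" + e.getSession().getId()
                    + " thread=" + Thread.currentThread().getName()).printStackTrace();
        }
    }

    public static void main(String[] args) throws Exception {
        SessionHandler sessions = new SessionHandler();
        sessions.getSessionCookieConfig().setSecure(true);
        sessions.getSessionCookieConfig().setHttpOnly(true);
        sessions.setMaxInactiveInterval(1800); // seconds; assumed value

        // In-memory sessions only: cache backed by a store that persists nothing.
        DefaultSessionCache cache = new DefaultSessionCache(sessions);
        cache.setSessionDataStore(new NullSessionDataStore());
        sessions.setSessionCache(cache);
        sessions.addEventListener(new TraceListener());

        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        context.setSessionHandler(sessions);

        // Clients return a Secure cookie only over HTTPS, so a real deployment
        // needs a TLS connector (omitted here); the port is an assumed value.
        Server server = new Server(8080);
        server.setHandler(context);
        server.start();
        server.join();
    }
}
```

Matching the session id printed by the listener against the JSESSIONID values in the captured HTTP dialog and the org.eclipse.jetty.server.session DEBUG output ties each invalidation to the request that preceded it.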