You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by Martin Grigorov <mg...@apache.org> on 2013/09/27 22:09:16 UTC
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Reading your ticket against GF I think GF behaves correctly. But I wonder
why Tomcat/Jetty don't do this.
So here is what happens:
org.apache.wicket.page.PageStoreManager.PersistentRequestAdapter#getSessionEntry
looks like :
private SessionEntry getSessionEntry(boolean create)
{
SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
if (entry == null && create)
{
bind();
entry = new SessionEntry(applicationName, getSessionId());
}
if (entry != null)
{
synchronized (entry)
{
setSessionAttribute(getAttributeName(), entry);
}
}
return entry;
}
I think the correct code should be:
private SessionEntry getSessionEntry(boolean create)
{
SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
if (entry == null && create)
{
bind();
entry = new SessionEntry(applicationName, getSessionId());
setSessionAttribute(getAttributeName(), entry);
}
return entry;
}
I.e. set the SessionEntry as an attribute in the http session only when it
is created.
Because with the current code we call
"setSessionAttribute(getAttributeName(), entry);" even with already
existing entries and this leads to notifications
to HttpSessionBindingListener - new value is bound, old value is removed.
I guess Tomcat and Jetty optimize this by doing identity check.
Another solution would be SessionEntry to implement HttpSessionListener
instead and check the sessionId of the unbound session against its own one
and clean the data store if they are equal.
On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
> Created https://java.net/jira/browse/GLASSFISH-20828
> "HttpSessionBindingListener.valueUnbound() is always called right after
> valueBound() with a null HttpSessionBindingEvent.getValue()"
>
> Let's see what becomes of this...
>
>
>
> -----
> ~ Thank you,
> Paul@Bors.ws
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Page-Expired-exceptions-in-Wicket-6-10-0-tp4661502p4661582.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Posted by Paul Bors <pa...@bors.ws>.
Yes, the 60 secs default on GF threw me off over the weekend when I rushed my tests.
Is working fine, thanks Martin!
~ Paul
-----Original Message-----
From: Martin Grigorov [mailto:mgrigorov@apache.org]
Sent: Monday, September 30, 2013 6:43 AM
To: users@wicket.apache.org
Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
https://issues.apache.org/jira/browse/WICKET-5380
On Mon, Sep 30, 2013 at 12:32 PM, Martin Grigorov <mg...@apache.org>wrote:
> Applying only the first change that I suggested works on all - Jetty
> 8, Tomcat 7 and Glassfish 4.
>
> I've used:
> WebRequest webRequest = (WebRequest) RequestCycle.get().getRequest();
> HttpServletRequest httpRequest =
> (HttpServletRequest)webRequest.getContainerRequest();
> httpRequest.getSession().setMaxInactiveInterval(10);
>
> and the session expires according to the web container's configurations.
> Jetty's Scavenger thread runs every 30 secs by default, so the session
> is invalidated between 1-30 secs after its expiration time.
> Tomcat and GF seems to do this every 60 secs by default.
>
> I'll create a ticket and commit the change.
>
>
> On Mon, Sep 30, 2013 at 11:55 AM, Martin Grigorov <mg...@apache.org>wrote:
>
>> Tomcat 7.x makes identity check:
>>
>> org.apache.catalina.session.StandardSession#setAttribute
>> // Call the valueUnbound() method if necessary
>> if (notify && (unbound != null) && (unbound != value) &&
>> (unbound instanceof HttpSessionBindingListener)) {
>>
>>
>> On Mon, Sep 30, 2013 at 11:49 AM, Martin Grigorov <mg...@apache.org>wrote:
>>
>>> Jetty 8.1.13 checks for equality of the old and the new values:
>>> org.eclipse.jetty.server.session.AbstractSession#setAttribute
>>> public void setAttribute(String name, Object value)
>>> {
>>> Object old=null;
>>> synchronized (this)
>>> {
>>> checkValid();
>>> old=doPutOrRemove(name,value);
>>> }
>>>
>>> if (value==null || !value.equals(old)) // <<<<<
>>> {
>>> if (old!=null)
>>> unbindValue(name,old);
>>>
>>> Since SessionEntry doesn't override #equals() the check is by reference.
>>> Thus no notification.
>>>
>>>
>>>
>>> On Mon, Sep 30, 2013 at 11:32 AM, Martin Grigorov <mg...@apache.org>wrote:
>>>
>>>> I'll test this and let you know.
>>>>
>>>>
>>>> On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <pa...@bors.ws> wrote:
>>>>
>>>>> Sorry for the delay, it's the weekend :)
>>>>>
>>>>> In our webapp we let the system administrator control the user
>>>>> session timeout which we set it via the Login page as:
>>>>> WebRequest webRequest =
>>>>> (WebRequest)RequestCycle.get().getRequest();
>>>>> HttpServletRequest httpRequest =
>>>>> (HttpServletRequest)webRequest.getContainerRequest();
>>>>> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>>>>>
>>>>> I set the session duration to 1 min and tried it with the new
>>>>> implementation for the getSessionEntry(), waited for a good 2-3
>>>>> mins and the session is never invalidated any longer as if it's no longer touched.
>>>>> My breakpoint on SessionEntry.valueUnbound() is not called either,
>>>>> unless explicitly through the Logout button which calls
>>>>> o.a.w.protocol.http.WebSession.get().invalidateNow();
>>>>>
>>>>> This is what makes me think that going off the HttpSessionListener
>>>>> might be better.
>>>>>
>>>>> ~ Thank you,
>>>>> Paul Bors
>>>>>
>>>>> -----Original Message-----
>>>>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>>>> Sent: Saturday, September 28, 2013 3:44 AM
>>>>> To: users@wicket.apache.org
>>>>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> (GlassFish v3 and v4)
>>>>>
>>>>> I think both suggestions should be applied.
>>>>> The intentions are more clear, IMO.
>>>>>
>>>>> But let's wait Paul to explain what problem he faced. I don't
>>>>> expect problems with session timeouts because this is managed by
>>>>> the web container. If there is request then the session is
>>>>> touched. If the session is not touched for some predefined time
>>>>> then the web container invalidates it automatically.
>>>>>
>>>>>
>>>>> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
>>>>>
>>>>> > Martin's explanation fits the reported stacktrace nicely.
>>>>> >
>>>>> > We should definitely change getSessionEntry() as proposed. I
>>>>> > don't
>>>>> see
>>>>> > an advantage in using an HttpSessionListener though.
>>>>> >
>>>>> > @Paul: What is broken now?
>>>>> >
>>>>> > Sven
>>>>> >
>>>>> >
>>>>> > On 09/28/2013 12:15 AM, Paul Bors wrote:
>>>>> >
>>>>> >> I take that back, the new implementation breaks the session timeout.
>>>>> >>
>>>>> >> ~ Thank you,
>>>>> >> Paul Bors
>>>>> >>
>>>>> >> -----Original Message-----
>>>>> >> From: Paul Bors [mailto:paul@bors.ws]
>>>>> >> Sent: Friday, September 27, 2013 5:51 PM
>>>>> >> To: users@wicket.apache.org
>>>>> >> Cc: dev@wicket.apache.org
>>>>> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> >> (GlassFish
>>>>> >> v3 and v4)
>>>>> >>
>>>>> >> I tested with the proposed o.a.w.p.PageStoreManager.**
>>>>> >> PersistentRequestAdapter#**getSessionEntry() new implementation
>>>>> >> and it's working fine in GlassFish v3.1.2.2
>>>>> >>
>>>>> >> I'll withdraw my GLASSFISH-20828 bug.
>>>>> >>
>>>>> >> Should I open a new Wicket ticket instead?
>>>>> >>
>>>>> >> I do think the second suggestion of using HttpSessionListener
>>>>> instead
>>>>> >> is cleaner.
>>>>> >>
>>>>> >> ~ Thank you,
>>>>> >> Paul Bors
>>>>> >>
>>>>> >> -----Original Message-----
>>>>> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>>>> >> Sent: Friday, September 27, 2013 4:09 PM
>>>>> >> To: users@wicket.apache.org
>>>>> >> Cc: dev@wicket.apache.org
>>>>> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> >> (GlassFish
>>>>> >> v3 and v4)
>>>>> >>
>>>>> >> Reading your ticket against GF I think GF behaves correctly.
>>>>> >> But I wonder why Tomcat/Jetty don't do this.
>>>>> >>
>>>>> >> So here is what happens:
>>>>> >>
>>>>> >>
>>>>> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapt
>>>>> er#
>>>>> >> **
>>>>> >> getSessionEntry
>>>>> >> looks like :
>>>>> >> private SessionEntry getSessionEntry(boolean create) {
>>>>> >> SessionEntry entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>>> >> if (entry == null && create)
>>>>> >> {
>>>>> >> bind();
>>>>> >> entry = new SessionEntry(applicationName, getSessionId()); }
>>>>> >> if (entry != null) { synchronized (entry) {
>>>>> >> setSessionAttribute(**getAttributeName(),
>>>>> >> entry); } } return entry; }
>>>>> >>
>>>>> >> I think the correct code should be:
>>>>> >>
>>>>> >> private SessionEntry getSessionEntry(boolean create) {
>>>>> >> SessionEntry entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>>> >> if (entry == null && create)
>>>>> >> {
>>>>> >> bind();
>>>>> >> entry = new SessionEntry(applicationName, getSessionId());
>>>>> >> setSessionAttribute(**getAttributeName(), entry); } return
>>>>> >> entry; } I.e. set the SessionEntry as an attribute in the http
>>>>> >> session only when it is created.
>>>>> >>
>>>>> >> Because with the current code we call
>>>>> >> "setSessionAttribute(**getAttributeName(), entry);" even with
>>>>> already
>>>>> >> existing entries and this leads to notifications to
>>>>> >> HttpSessionBindingListener - new value is bound, old value is
>>>>> removed.
>>>>> >>
>>>>> >> I guess Tomcat and Jetty optimize this by doing identity check.
>>>>> >>
>>>>> >> Another solution would be SessionEntry to implement
>>>>> >> HttpSessionListener instead and check the sessionId of the
>>>>> >> unbound session against its own one and clean the data store if
>>>>> >> they are
>>>>> equal.
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>>>>> >>
>>>>> >> Created
>>>>> >> https://java.net/jira/browse/**GLASSFISH-20828<
>>>>> https://java.net/jira/
>>>>> >> browse/GLASSFISH-20828>
>>>>> >>> "HttpSessionBindingListener.**valueUnbound() is always called
>>>>> >>> right after
>>>>> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>>>> >>>
>>>>> >>> Let's see what becomes of this...
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> -----
>>>>> >>> ~ Thank you,
>>>>> >>> Paul@Bors.ws
>>>>> >>> --
>>>>> >>> View this message in context:
>>>>> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>>>> >>> Expired-excep<
>>>>> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>>>>> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.h
>>>>> >>> ge-Expired-excep> tml
>>>>> >>> Sent from the Users forum mailing list archive at Nabble.com.
>>>>> >>>
>>>>> >>> ------------------------------**------------------------------
>>>>> >>> **
>>>>> >>> ---------
>>>>> >>> To unsubscribe, e-mail:
>>>>> >>> users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apach
>>>>> >>> e.org> For additional commands, e-mail:
>>>>> users-help@wicket.apache.org
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> ------------------------------**------------------------------**--
>>>>> ---
>>>>> >> ---- To unsubscribe, e-mail:
>>>>> >> users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apache
>>>>> >> .org> For additional commands, e-mail:
>>>>> >> users-help@wicket.apache.org
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>> ------------------------------**------------------------------**--
>>>>> ----
>>>>> > --- To unsubscribe, e-mail:
>>>>> > users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apache.
>>>>> > org> For additional commands, e-mail:
>>>>> > org> users-help@wicket.apache.org
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --- To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Posted by Martin Grigorov <mg...@apache.org>.
https://issues.apache.org/jira/browse/WICKET-5380
On Mon, Sep 30, 2013 at 12:32 PM, Martin Grigorov <mg...@apache.org>wrote:
> Applying only the first change that I suggested works on all - Jetty 8,
> Tomcat 7 and Glassfish 4.
>
> I've used:
> WebRequest webRequest = (WebRequest) RequestCycle.get().getRequest();
> HttpServletRequest httpRequest =
> (HttpServletRequest)webRequest.getContainerRequest();
> httpRequest.getSession().setMaxInactiveInterval(10);
>
> and the session expires according to the web container's configurations.
> Jetty's Scavenger thread runs every 30 secs by default, so the session is
> invalidated between 1-30 secs after its expiration time.
> Tomcat and GF seems to do this every 60 secs by default.
>
> I'll create a ticket and commit the change.
>
>
> On Mon, Sep 30, 2013 at 11:55 AM, Martin Grigorov <mg...@apache.org>wrote:
>
>> Tomcat 7.x makes identity check:
>>
>> org.apache.catalina.session.StandardSession#setAttribute
>> // Call the valueUnbound() method if necessary
>> if (notify && (unbound != null) && (unbound != value) &&
>> (unbound instanceof HttpSessionBindingListener)) {
>>
>>
>> On Mon, Sep 30, 2013 at 11:49 AM, Martin Grigorov <mg...@apache.org>wrote:
>>
>>> Jetty 8.1.13 checks for equality of the old and the new values:
>>> org.eclipse.jetty.server.session.AbstractSession#setAttribute
>>> public void setAttribute(String name, Object value)
>>> {
>>> Object old=null;
>>> synchronized (this)
>>> {
>>> checkValid();
>>> old=doPutOrRemove(name,value);
>>> }
>>>
>>> if (value==null || !value.equals(old)) // <<<<<
>>> {
>>> if (old!=null)
>>> unbindValue(name,old);
>>>
>>> Since SessionEntry doesn't override #equals() the check is by reference.
>>> Thus no notification.
>>>
>>>
>>>
>>> On Mon, Sep 30, 2013 at 11:32 AM, Martin Grigorov <mg...@apache.org>wrote:
>>>
>>>> I'll test this and let you know.
>>>>
>>>>
>>>> On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <pa...@bors.ws> wrote:
>>>>
>>>>> Sorry for the delay, it's the weekend :)
>>>>>
>>>>> In our webapp we let the system administrator control the user session
>>>>> timeout which we set it via the Login page as:
>>>>> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
>>>>> HttpServletRequest httpRequest =
>>>>> (HttpServletRequest)webRequest.getContainerRequest();
>>>>> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>>>>>
>>>>> I set the session duration to 1 min and tried it with the new
>>>>> implementation for the getSessionEntry(), waited for a good 2-3 mins and
>>>>> the session is never invalidated any longer as if it's no longer touched.
>>>>> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
>>>>> explicitly through the Logout button which calls
>>>>> o.a.w.protocol.http.WebSession.get().invalidateNow();
>>>>>
>>>>> This is what makes me think that going off the HttpSessionListener
>>>>> might be better.
>>>>>
>>>>> ~ Thank you,
>>>>> Paul Bors
>>>>>
>>>>> -----Original Message-----
>>>>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>>>> Sent: Saturday, September 28, 2013 3:44 AM
>>>>> To: users@wicket.apache.org
>>>>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> (GlassFish v3 and v4)
>>>>>
>>>>> I think both suggestions should be applied.
>>>>> The intentions are more clear, IMO.
>>>>>
>>>>> But let's wait Paul to explain what problem he faced. I don't expect
>>>>> problems with session timeouts because this is managed by the web
>>>>> container. If there is request then the session is touched. If the session
>>>>> is not touched for some predefined time then the web container invalidates
>>>>> it automatically.
>>>>>
>>>>>
>>>>> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
>>>>>
>>>>> > Martin's explanation fits the reported stacktrace nicely.
>>>>> >
>>>>> > We should definitely change getSessionEntry() as proposed. I don't
>>>>> see
>>>>> > an advantage in using an HttpSessionListener though.
>>>>> >
>>>>> > @Paul: What is broken now?
>>>>> >
>>>>> > Sven
>>>>> >
>>>>> >
>>>>> > On 09/28/2013 12:15 AM, Paul Bors wrote:
>>>>> >
>>>>> >> I take that back, the new implementation breaks the session timeout.
>>>>> >>
>>>>> >> ~ Thank you,
>>>>> >> Paul Bors
>>>>> >>
>>>>> >> -----Original Message-----
>>>>> >> From: Paul Bors [mailto:paul@bors.ws]
>>>>> >> Sent: Friday, September 27, 2013 5:51 PM
>>>>> >> To: users@wicket.apache.org
>>>>> >> Cc: dev@wicket.apache.org
>>>>> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> >> (GlassFish
>>>>> >> v3 and v4)
>>>>> >>
>>>>> >> I tested with the proposed o.a.w.p.PageStoreManager.**
>>>>> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
>>>>> >> it's working fine in GlassFish v3.1.2.2
>>>>> >>
>>>>> >> I'll withdraw my GLASSFISH-20828 bug.
>>>>> >>
>>>>> >> Should I open a new Wicket ticket instead?
>>>>> >>
>>>>> >> I do think the second suggestion of using HttpSessionListener
>>>>> instead
>>>>> >> is cleaner.
>>>>> >>
>>>>> >> ~ Thank you,
>>>>> >> Paul Bors
>>>>> >>
>>>>> >> -----Original Message-----
>>>>> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>>>> >> Sent: Friday, September 27, 2013 4:09 PM
>>>>> >> To: users@wicket.apache.org
>>>>> >> Cc: dev@wicket.apache.org
>>>>> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>>> >> (GlassFish
>>>>> >> v3 and v4)
>>>>> >>
>>>>> >> Reading your ticket against GF I think GF behaves correctly. But I
>>>>> >> wonder why Tomcat/Jetty don't do this.
>>>>> >>
>>>>> >> So here is what happens:
>>>>> >>
>>>>> >>
>>>>> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
>>>>> >> **
>>>>> >> getSessionEntry
>>>>> >> looks like :
>>>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>>> >> if (entry == null && create)
>>>>> >> {
>>>>> >> bind();
>>>>> >> entry = new SessionEntry(applicationName, getSessionId()); } if
>>>>> >> (entry != null) { synchronized (entry) {
>>>>> >> setSessionAttribute(**getAttributeName(),
>>>>> >> entry); } } return entry; }
>>>>> >>
>>>>> >> I think the correct code should be:
>>>>> >>
>>>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>>> >> if (entry == null && create)
>>>>> >> {
>>>>> >> bind();
>>>>> >> entry = new SessionEntry(applicationName, getSessionId());
>>>>> >> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>>>>> >> I.e. set the SessionEntry as an attribute in the http session only
>>>>> >> when it is created.
>>>>> >>
>>>>> >> Because with the current code we call
>>>>> >> "setSessionAttribute(**getAttributeName(), entry);" even with
>>>>> already
>>>>> >> existing entries and this leads to notifications to
>>>>> >> HttpSessionBindingListener - new value is bound, old value is
>>>>> removed.
>>>>> >>
>>>>> >> I guess Tomcat and Jetty optimize this by doing identity check.
>>>>> >>
>>>>> >> Another solution would be SessionEntry to implement
>>>>> >> HttpSessionListener instead and check the sessionId of the unbound
>>>>> >> session against its own one and clean the data store if they are
>>>>> equal.
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>>>>> >>
>>>>> >> Created
>>>>> >> https://java.net/jira/browse/**GLASSFISH-20828<
>>>>> https://java.net/jira/
>>>>> >> browse/GLASSFISH-20828>
>>>>> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
>>>>> >>> after
>>>>> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>>>> >>>
>>>>> >>> Let's see what becomes of this...
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> -----
>>>>> >>> ~ Thank you,
>>>>> >>> Paul@Bors.ws
>>>>> >>> --
>>>>> >>> View this message in context:
>>>>> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>>>> >>> Expired-excep<
>>>>> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>>>>> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>>>>> >>> Sent from the Users forum mailing list archive at Nabble.com.
>>>>> >>>
>>>>> >>> ------------------------------**------------------------------**
>>>>> >>> ---------
>>>>> >>> To unsubscribe, e-mail:
>>>>> >>> users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apach
>>>>> >>> e.org> For additional commands, e-mail:
>>>>> users-help@wicket.apache.org
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> ------------------------------**------------------------------**-----
>>>>> >> ---- To unsubscribe, e-mail:
>>>>> >> users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apache
>>>>> >> .org> For additional commands, e-mail: users-help@wicket.apache.org
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>> ------------------------------**------------------------------**------
>>>>> > --- To unsubscribe, e-mail:
>>>>> > users-unsubscribe@wicket.**apache.org
>>>>> <users-unsubscribe@wicket.apache.
>>>>> > org> For additional commands, e-mail: users-help@wicket.apache.org
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>
>>
>
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Posted by Martin Grigorov <mg...@apache.org>.
Applying only the first change that I suggested works on all - Jetty 8,
Tomcat 7 and Glassfish 4.
I've used:
WebRequest webRequest = (WebRequest) RequestCycle.get().getRequest();
HttpServletRequest httpRequest =
(HttpServletRequest)webRequest.getContainerRequest();
httpRequest.getSession().setMaxInactiveInterval(10);
and the session expires according to the web container's configurations.
Jetty's Scavenger thread runs every 30 secs by default, so the session is
invalidated between 1-30 secs after its expiration time.
Tomcat and GF seems to do this every 60 secs by default.
I'll create a ticket and commit the change.
On Mon, Sep 30, 2013 at 11:55 AM, Martin Grigorov <mg...@apache.org>wrote:
> Tomcat 7.x makes identity check:
>
> org.apache.catalina.session.StandardSession#setAttribute
> // Call the valueUnbound() method if necessary
> if (notify && (unbound != null) && (unbound != value) &&
> (unbound instanceof HttpSessionBindingListener)) {
>
>
> On Mon, Sep 30, 2013 at 11:49 AM, Martin Grigorov <mg...@apache.org>wrote:
>
>> Jetty 8.1.13 checks for equality of the old and the new values:
>> org.eclipse.jetty.server.session.AbstractSession#setAttribute
>> public void setAttribute(String name, Object value)
>> {
>> Object old=null;
>> synchronized (this)
>> {
>> checkValid();
>> old=doPutOrRemove(name,value);
>> }
>>
>> if (value==null || !value.equals(old)) // <<<<<
>> {
>> if (old!=null)
>> unbindValue(name,old);
>>
>> Since SessionEntry doesn't override #equals() the check is by reference.
>> Thus no notification.
>>
>>
>>
>> On Mon, Sep 30, 2013 at 11:32 AM, Martin Grigorov <mg...@apache.org>wrote:
>>
>>> I'll test this and let you know.
>>>
>>>
>>> On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <pa...@bors.ws> wrote:
>>>
>>>> Sorry for the delay, it's the weekend :)
>>>>
>>>> In our webapp we let the system administrator control the user session
>>>> timeout which we set it via the Login page as:
>>>> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
>>>> HttpServletRequest httpRequest =
>>>> (HttpServletRequest)webRequest.getContainerRequest();
>>>> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>>>>
>>>> I set the session duration to 1 min and tried it with the new
>>>> implementation for the getSessionEntry(), waited for a good 2-3 mins and
>>>> the session is never invalidated any longer as if it's no longer touched.
>>>> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
>>>> explicitly through the Logout button which calls
>>>> o.a.w.protocol.http.WebSession.get().invalidateNow();
>>>>
>>>> This is what makes me think that going off the HttpSessionListener
>>>> might be better.
>>>>
>>>> ~ Thank you,
>>>> Paul Bors
>>>>
>>>> -----Original Message-----
>>>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>>> Sent: Saturday, September 28, 2013 3:44 AM
>>>> To: users@wicket.apache.org
>>>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>> (GlassFish v3 and v4)
>>>>
>>>> I think both suggestions should be applied.
>>>> The intentions are more clear, IMO.
>>>>
>>>> But let's wait Paul to explain what problem he faced. I don't expect
>>>> problems with session timeouts because this is managed by the web
>>>> container. If there is request then the session is touched. If the session
>>>> is not touched for some predefined time then the web container invalidates
>>>> it automatically.
>>>>
>>>>
>>>> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
>>>>
>>>> > Martin's explanation fits the reported stacktrace nicely.
>>>> >
>>>> > We should definitely change getSessionEntry() as proposed. I don't see
>>>> > an advantage in using an HttpSessionListener though.
>>>> >
>>>> > @Paul: What is broken now?
>>>> >
>>>> > Sven
>>>> >
>>>> >
>>>> > On 09/28/2013 12:15 AM, Paul Bors wrote:
>>>> >
>>>> >> I take that back, the new implementation breaks the session timeout.
>>>> >>
>>>> >> ~ Thank you,
>>>> >> Paul Bors
>>>> >>
>>>> >> -----Original Message-----
>>>> >> From: Paul Bors [mailto:paul@bors.ws]
>>>> >> Sent: Friday, September 27, 2013 5:51 PM
>>>> >> To: users@wicket.apache.org
>>>> >> Cc: dev@wicket.apache.org
>>>> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>> >> (GlassFish
>>>> >> v3 and v4)
>>>> >>
>>>> >> I tested with the proposed o.a.w.p.PageStoreManager.**
>>>> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
>>>> >> it's working fine in GlassFish v3.1.2.2
>>>> >>
>>>> >> I'll withdraw my GLASSFISH-20828 bug.
>>>> >>
>>>> >> Should I open a new Wicket ticket instead?
>>>> >>
>>>> >> I do think the second suggestion of using HttpSessionListener instead
>>>> >> is cleaner.
>>>> >>
>>>> >> ~ Thank you,
>>>> >> Paul Bors
>>>> >>
>>>> >> -----Original Message-----
>>>> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>>> >> Sent: Friday, September 27, 2013 4:09 PM
>>>> >> To: users@wicket.apache.org
>>>> >> Cc: dev@wicket.apache.org
>>>> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>>> >> (GlassFish
>>>> >> v3 and v4)
>>>> >>
>>>> >> Reading your ticket against GF I think GF behaves correctly. But I
>>>> >> wonder why Tomcat/Jetty don't do this.
>>>> >>
>>>> >> So here is what happens:
>>>> >>
>>>> >> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
>>>> >> **
>>>> >> getSessionEntry
>>>> >> looks like :
>>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>> >> if (entry == null && create)
>>>> >> {
>>>> >> bind();
>>>> >> entry = new SessionEntry(applicationName, getSessionId()); } if
>>>> >> (entry != null) { synchronized (entry) {
>>>> >> setSessionAttribute(**getAttributeName(),
>>>> >> entry); } } return entry; }
>>>> >>
>>>> >> I think the correct code should be:
>>>> >>
>>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>>> >> if (entry == null && create)
>>>> >> {
>>>> >> bind();
>>>> >> entry = new SessionEntry(applicationName, getSessionId());
>>>> >> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>>>> >> I.e. set the SessionEntry as an attribute in the http session only
>>>> >> when it is created.
>>>> >>
>>>> >> Because with the current code we call
>>>> >> "setSessionAttribute(**getAttributeName(), entry);" even with already
>>>> >> existing entries and this leads to notifications to
>>>> >> HttpSessionBindingListener - new value is bound, old value is
>>>> removed.
>>>> >>
>>>> >> I guess Tomcat and Jetty optimize this by doing identity check.
>>>> >>
>>>> >> Another solution would be SessionEntry to implement
>>>> >> HttpSessionListener instead and check the sessionId of the unbound
>>>> >> session against its own one and clean the data store if they are
>>>> equal.
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>>>> >>
>>>> >> Created
>>>> >> https://java.net/jira/browse/**GLASSFISH-20828<
>>>> https://java.net/jira/
>>>> >> browse/GLASSFISH-20828>
>>>> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
>>>> >>> after
>>>> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>>> >>>
>>>> >>> Let's see what becomes of this...
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> -----
>>>> >>> ~ Thank you,
>>>> >>> Paul@Bors.ws
>>>> >>> --
>>>> >>> View this message in context:
>>>> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>>> >>> Expired-excep<
>>>> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>>>> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>>>> >>> Sent from the Users forum mailing list archive at Nabble.com.
>>>> >>>
>>>> >>> ------------------------------**------------------------------**
>>>> >>> ---------
>>>> >>> To unsubscribe, e-mail:
>>>> >>> users-unsubscribe@wicket.**apache.org
>>>> <users-unsubscribe@wicket.apach
>>>> >>> e.org> For additional commands, e-mail:
>>>> users-help@wicket.apache.org
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>
>>>> >> ------------------------------**------------------------------**-----
>>>> >> ---- To unsubscribe, e-mail:
>>>> >> users-unsubscribe@wicket.**apache.org
>>>> <users-unsubscribe@wicket.apache
>>>> >> .org> For additional commands, e-mail: users-help@wicket.apache.org
>>>> >>
>>>> >>
>>>> >
>>>> > ------------------------------**------------------------------**------
>>>> > --- To unsubscribe, e-mail:
>>>> > users-unsubscribe@wicket.**apache.org
>>>> <users-unsubscribe@wicket.apache.
>>>> > org> For additional commands, e-mail: users-help@wicket.apache.org
>>>> >
>>>> >
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>
>
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Posted by Martin Grigorov <mg...@apache.org>.
Tomcat 7.x makes identity check:
org.apache.catalina.session.StandardSession#setAttribute
// Call the valueUnbound() method if necessary
if (notify && (unbound != null) && (unbound != value) &&
(unbound instanceof HttpSessionBindingListener)) {
On Mon, Sep 30, 2013 at 11:49 AM, Martin Grigorov <mg...@apache.org>wrote:
> Jetty 8.1.13 checks for equality of the old and the new values:
> org.eclipse.jetty.server.session.AbstractSession#setAttribute
> public void setAttribute(String name, Object value)
> {
> Object old=null;
> synchronized (this)
> {
> checkValid();
> old=doPutOrRemove(name,value);
> }
>
> if (value==null || !value.equals(old)) // <<<<<
> {
> if (old!=null)
> unbindValue(name,old);
>
> Since SessionEntry doesn't override #equals() the check is by reference.
> Thus no notification.
>
>
>
> On Mon, Sep 30, 2013 at 11:32 AM, Martin Grigorov <mg...@apache.org>wrote:
>
>> I'll test this and let you know.
>>
>>
>> On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <pa...@bors.ws> wrote:
>>
>>> Sorry for the delay, it's the weekend :)
>>>
>>> In our webapp we let the system administrator control the user session
>>> timeout which we set it via the Login page as:
>>> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
>>> HttpServletRequest httpRequest =
>>> (HttpServletRequest)webRequest.getContainerRequest();
>>> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>>>
>>> I set the session duration to 1 min and tried it with the new
>>> implementation for the getSessionEntry(), waited for a good 2-3 mins and
>>> the session is never invalidated any longer as if it's no longer touched.
>>> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
>>> explicitly through the Logout button which calls
>>> o.a.w.protocol.http.WebSession.get().invalidateNow();
>>>
>>> This is what makes me think that going off the HttpSessionListener might
>>> be better.
>>>
>>> ~ Thank you,
>>> Paul Bors
>>>
>>> -----Original Message-----
>>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>> Sent: Saturday, September 28, 2013 3:44 AM
>>> To: users@wicket.apache.org
>>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>> (GlassFish v3 and v4)
>>>
>>> I think both suggestions should be applied.
>>> The intentions are more clear, IMO.
>>>
>>> But let's wait Paul to explain what problem he faced. I don't expect
>>> problems with session timeouts because this is managed by the web
>>> container. If there is request then the session is touched. If the session
>>> is not touched for some predefined time then the web container invalidates
>>> it automatically.
>>>
>>>
>>> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
>>>
>>> > Martin's explanation fits the reported stacktrace nicely.
>>> >
>>> > We should definitely change getSessionEntry() as proposed. I don't see
>>> > an advantage in using an HttpSessionListener though.
>>> >
>>> > @Paul: What is broken now?
>>> >
>>> > Sven
>>> >
>>> >
>>> > On 09/28/2013 12:15 AM, Paul Bors wrote:
>>> >
>>> >> I take that back, the new implementation breaks the session timeout.
>>> >>
>>> >> ~ Thank you,
>>> >> Paul Bors
>>> >>
>>> >> -----Original Message-----
>>> >> From: Paul Bors [mailto:paul@bors.ws]
>>> >> Sent: Friday, September 27, 2013 5:51 PM
>>> >> To: users@wicket.apache.org
>>> >> Cc: dev@wicket.apache.org
>>> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>>> >> (GlassFish
>>> >> v3 and v4)
>>> >>
>>> >> I tested with the proposed o.a.w.p.PageStoreManager.**
>>> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
>>> >> it's working fine in GlassFish v3.1.2.2
>>> >>
>>> >> I'll withdraw my GLASSFISH-20828 bug.
>>> >>
>>> >> Should I open a new Wicket ticket instead?
>>> >>
>>> >> I do think the second suggestion of using HttpSessionListener instead
>>> >> is cleaner.
>>> >>
>>> >> ~ Thank you,
>>> >> Paul Bors
>>> >>
>>> >> -----Original Message-----
>>> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>>> >> Sent: Friday, September 27, 2013 4:09 PM
>>> >> To: users@wicket.apache.org
>>> >> Cc: dev@wicket.apache.org
>>> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>>> >> (GlassFish
>>> >> v3 and v4)
>>> >>
>>> >> Reading your ticket against GF I think GF behaves correctly. But I
>>> >> wonder why Tomcat/Jetty don't do this.
>>> >>
>>> >> So here is what happens:
>>> >>
>>> >> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
>>> >> **
>>> >> getSessionEntry
>>> >> looks like :
>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>> >> if (entry == null && create)
>>> >> {
>>> >> bind();
>>> >> entry = new SessionEntry(applicationName, getSessionId()); } if
>>> >> (entry != null) { synchronized (entry) {
>>> >> setSessionAttribute(**getAttributeName(),
>>> >> entry); } } return entry; }
>>> >>
>>> >> I think the correct code should be:
>>> >>
>>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>>> >> if (entry == null && create)
>>> >> {
>>> >> bind();
>>> >> entry = new SessionEntry(applicationName, getSessionId());
>>> >> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>>> >> I.e. set the SessionEntry as an attribute in the http session only
>>> >> when it is created.
>>> >>
>>> >> Because with the current code we call
>>> >> "setSessionAttribute(**getAttributeName(), entry);" even with already
>>> >> existing entries and this leads to notifications to
>>> >> HttpSessionBindingListener - new value is bound, old value is removed.
>>> >>
>>> >> I guess Tomcat and Jetty optimize this by doing identity check.
>>> >>
>>> >> Another solution would be SessionEntry to implement
>>> >> HttpSessionListener instead and check the sessionId of the unbound
>>> >> session against its own one and clean the data store if they are
>>> equal.
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>>> >>
>>> >> Created
>>> >> https://java.net/jira/browse/**GLASSFISH-20828<https://java.net/jira/
>>> >> browse/GLASSFISH-20828>
>>> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
>>> >>> after
>>> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>> >>>
>>> >>> Let's see what becomes of this...
>>> >>>
>>> >>>
>>> >>>
>>> >>> -----
>>> >>> ~ Thank you,
>>> >>> Paul@Bors.ws
>>> >>> --
>>> >>> View this message in context:
>>> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>> >>> Expired-excep<http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>>> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>>> >>> Sent from the Users forum mailing list archive at Nabble.com.
>>> >>>
>>> >>> ------------------------------**------------------------------**
>>> >>> ---------
>>> >>> To unsubscribe, e-mail:
>>> >>> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apach
>>> >>> e.org> For additional commands, e-mail: users-help@wicket.apache.org
>>> >>>
>>> >>>
>>> >>>
>>> >>
>>> >> ------------------------------**------------------------------**-----
>>> >> ---- To unsubscribe, e-mail:
>>> >> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache
>>> >> .org> For additional commands, e-mail: users-help@wicket.apache.org
>>> >>
>>> >>
>>> >
>>> > ------------------------------**------------------------------**------
>>> > --- To unsubscribe, e-mail:
>>> > users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache.
>>> > org> For additional commands, e-mail: users-help@wicket.apache.org
>>> >
>>> >
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Posted by Martin Grigorov <mg...@apache.org>.
Jetty 8.1.13 checks for equality of the old and the new values:
org.eclipse.jetty.server.session.AbstractSession#setAttribute
public void setAttribute(String name, Object value)
{
Object old=null;
synchronized (this)
{
checkValid();
old=doPutOrRemove(name,value);
}
if (value==null || !value.equals(old)) // <<<<<
{
if (old!=null)
unbindValue(name,old);
Since SessionEntry doesn't override #equals() the check is by reference.
Thus no notification.
On Mon, Sep 30, 2013 at 11:32 AM, Martin Grigorov <mg...@apache.org>wrote:
> I'll test this and let you know.
>
>
> On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <pa...@bors.ws> wrote:
>
>> Sorry for the delay, it's the weekend :)
>>
>> In our webapp we let the system administrator control the user session
>> timeout which we set it via the Login page as:
>> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
>> HttpServletRequest httpRequest =
>> (HttpServletRequest)webRequest.getContainerRequest();
>> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>>
>> I set the session duration to 1 min and tried it with the new
>> implementation for the getSessionEntry(), waited for a good 2-3 mins and
>> the session is never invalidated any longer as if it's no longer touched.
>> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
>> explicitly through the Logout button which calls
>> o.a.w.protocol.http.WebSession.get().invalidateNow();
>>
>> This is what makes me think that going off the HttpSessionListener might
>> be better.
>>
>> ~ Thank you,
>> Paul Bors
>>
>> -----Original Message-----
>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>> Sent: Saturday, September 28, 2013 3:44 AM
>> To: users@wicket.apache.org
>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish
>> v3 and v4)
>>
>> I think both suggestions should be applied.
>> The intentions are more clear, IMO.
>>
>> But let's wait Paul to explain what problem he faced. I don't expect
>> problems with session timeouts because this is managed by the web
>> container. If there is request then the session is touched. If the session
>> is not touched for some predefined time then the web container invalidates
>> it automatically.
>>
>>
>> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
>>
>> > Martin's explanation fits the reported stacktrace nicely.
>> >
>> > We should definitely change getSessionEntry() as proposed. I don't see
>> > an advantage in using an HttpSessionListener though.
>> >
>> > @Paul: What is broken now?
>> >
>> > Sven
>> >
>> >
>> > On 09/28/2013 12:15 AM, Paul Bors wrote:
>> >
>> >> I take that back, the new implementation breaks the session timeout.
>> >>
>> >> ~ Thank you,
>> >> Paul Bors
>> >>
>> >> -----Original Message-----
>> >> From: Paul Bors [mailto:paul@bors.ws]
>> >> Sent: Friday, September 27, 2013 5:51 PM
>> >> To: users@wicket.apache.org
>> >> Cc: dev@wicket.apache.org
>> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>> >> (GlassFish
>> >> v3 and v4)
>> >>
>> >> I tested with the proposed o.a.w.p.PageStoreManager.**
>> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
>> >> it's working fine in GlassFish v3.1.2.2
>> >>
>> >> I'll withdraw my GLASSFISH-20828 bug.
>> >>
>> >> Should I open a new Wicket ticket instead?
>> >>
>> >> I do think the second suggestion of using HttpSessionListener instead
>> >> is cleaner.
>> >>
>> >> ~ Thank you,
>> >> Paul Bors
>> >>
>> >> -----Original Message-----
>> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>> >> Sent: Friday, September 27, 2013 4:09 PM
>> >> To: users@wicket.apache.org
>> >> Cc: dev@wicket.apache.org
>> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>> >> (GlassFish
>> >> v3 and v4)
>> >>
>> >> Reading your ticket against GF I think GF behaves correctly. But I
>> >> wonder why Tomcat/Jetty don't do this.
>> >>
>> >> So here is what happens:
>> >>
>> >> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
>> >> **
>> >> getSessionEntry
>> >> looks like :
>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>> >> if (entry == null && create)
>> >> {
>> >> bind();
>> >> entry = new SessionEntry(applicationName, getSessionId()); } if
>> >> (entry != null) { synchronized (entry) {
>> >> setSessionAttribute(**getAttributeName(),
>> >> entry); } } return entry; }
>> >>
>> >> I think the correct code should be:
>> >>
>> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>> >> if (entry == null && create)
>> >> {
>> >> bind();
>> >> entry = new SessionEntry(applicationName, getSessionId());
>> >> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>> >> I.e. set the SessionEntry as an attribute in the http session only
>> >> when it is created.
>> >>
>> >> Because with the current code we call
>> >> "setSessionAttribute(**getAttributeName(), entry);" even with already
>> >> existing entries and this leads to notifications to
>> >> HttpSessionBindingListener - new value is bound, old value is removed.
>> >>
>> >> I guess Tomcat and Jetty optimize this by doing identity check.
>> >>
>> >> Another solution would be SessionEntry to implement
>> >> HttpSessionListener instead and check the sessionId of the unbound
>> >> session against its own one and clean the data store if they are equal.
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>> >>
>> >> Created
>> >> https://java.net/jira/browse/**GLASSFISH-20828<https://java.net/jira/
>> >> browse/GLASSFISH-20828>
>> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
>> >>> after
>> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>> >>>
>> >>> Let's see what becomes of this...
>> >>>
>> >>>
>> >>>
>> >>> -----
>> >>> ~ Thank you,
>> >>> Paul@Bors.ws
>> >>> --
>> >>> View this message in context:
>> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>> >>> Expired-excep<http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>> >>> Sent from the Users forum mailing list archive at Nabble.com.
>> >>>
>> >>> ------------------------------**------------------------------**
>> >>> ---------
>> >>> To unsubscribe, e-mail:
>> >>> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apach
>> >>> e.org> For additional commands, e-mail: users-help@wicket.apache.org
>> >>>
>> >>>
>> >>>
>> >>
>> >> ------------------------------**------------------------------**-----
>> >> ---- To unsubscribe, e-mail:
>> >> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache
>> >> .org> For additional commands, e-mail: users-help@wicket.apache.org
>> >>
>> >>
>> >
>> > ------------------------------**------------------------------**------
>> > --- To unsubscribe, e-mail:
>> > users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache.
>> > org> For additional commands, e-mail: users-help@wicket.apache.org
>> >
>> >
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Posted by Martin Grigorov <mg...@apache.org>.
I'll test this and let you know.
On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <pa...@bors.ws> wrote:
> Sorry for the delay, it's the weekend :)
>
> In our webapp we let the system administrator control the user session
> timeout which we set it via the Login page as:
> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
> HttpServletRequest httpRequest =
> (HttpServletRequest)webRequest.getContainerRequest();
> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>
> I set the session duration to 1 min and tried it with the new
> implementation for the getSessionEntry(), waited for a good 2-3 mins and
> the session is never invalidated any longer as if it's no longer touched.
> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
> explicitly through the Logout button which calls
> o.a.w.protocol.http.WebSession.get().invalidateNow();
>
> This is what makes me think that going off the HttpSessionListener might
> be better.
>
> ~ Thank you,
> Paul Bors
>
> -----Original Message-----
> From: Martin Grigorov [mailto:mgrigorov@apache.org]
> Sent: Saturday, September 28, 2013 3:44 AM
> To: users@wicket.apache.org
> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish
> v3 and v4)
>
> I think both suggestions should be applied.
> The intentions are more clear, IMO.
>
> But let's wait Paul to explain what problem he faced. I don't expect
> problems with session timeouts because this is managed by the web
> container. If there is request then the session is touched. If the session
> is not touched for some predefined time then the web container invalidates
> it automatically.
>
>
> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
>
> > Martin's explanation fits the reported stacktrace nicely.
> >
> > We should definitely change getSessionEntry() as proposed. I don't see
> > an advantage in using an HttpSessionListener though.
> >
> > @Paul: What is broken now?
> >
> > Sven
> >
> >
> > On 09/28/2013 12:15 AM, Paul Bors wrote:
> >
> >> I take that back, the new implementation breaks the session timeout.
> >>
> >> ~ Thank you,
> >> Paul Bors
> >>
> >> -----Original Message-----
> >> From: Paul Bors [mailto:paul@bors.ws]
> >> Sent: Friday, September 27, 2013 5:51 PM
> >> To: users@wicket.apache.org
> >> Cc: dev@wicket.apache.org
> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
> >> (GlassFish
> >> v3 and v4)
> >>
> >> I tested with the proposed o.a.w.p.PageStoreManager.**
> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
> >> it's working fine in GlassFish v3.1.2.2
> >>
> >> I'll withdraw my GLASSFISH-20828 bug.
> >>
> >> Should I open a new Wicket ticket instead?
> >>
> >> I do think the second suggestion of using HttpSessionListener instead
> >> is cleaner.
> >>
> >> ~ Thank you,
> >> Paul Bors
> >>
> >> -----Original Message-----
> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
> >> Sent: Friday, September 27, 2013 4:09 PM
> >> To: users@wicket.apache.org
> >> Cc: dev@wicket.apache.org
> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
> >> (GlassFish
> >> v3 and v4)
> >>
> >> Reading your ticket against GF I think GF behaves correctly. But I
> >> wonder why Tomcat/Jetty don't do this.
> >>
> >> So here is what happens:
> >>
> >> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
> >> **
> >> getSessionEntry
> >> looks like :
> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
> >> if (entry == null && create)
> >> {
> >> bind();
> >> entry = new SessionEntry(applicationName, getSessionId()); } if
> >> (entry != null) { synchronized (entry) {
> >> setSessionAttribute(**getAttributeName(),
> >> entry); } } return entry; }
> >>
> >> I think the correct code should be:
> >>
> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
> >> if (entry == null && create)
> >> {
> >> bind();
> >> entry = new SessionEntry(applicationName, getSessionId());
> >> setSessionAttribute(**getAttributeName(), entry); } return entry; }
> >> I.e. set the SessionEntry as an attribute in the http session only
> >> when it is created.
> >>
> >> Because with the current code we call
> >> "setSessionAttribute(**getAttributeName(), entry);" even with already
> >> existing entries and this leads to notifications to
> >> HttpSessionBindingListener - new value is bound, old value is removed.
> >>
> >> I guess Tomcat and Jetty optimize this by doing identity check.
> >>
> >> Another solution would be SessionEntry to implement
> >> HttpSessionListener instead and check the sessionId of the unbound
> >> session against its own one and clean the data store if they are equal.
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
> >>
> >> Created
> >> https://java.net/jira/browse/**GLASSFISH-20828<https://java.net/jira/
> >> browse/GLASSFISH-20828>
> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
> >>> after
> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
> >>>
> >>> Let's see what becomes of this...
> >>>
> >>>
> >>>
> >>> -----
> >>> ~ Thank you,
> >>> Paul@Bors.ws
> >>> --
> >>> View this message in context:
> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
> >>> Expired-excep<http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
> >>> Sent from the Users forum mailing list archive at Nabble.com.
> >>>
> >>> ------------------------------**------------------------------**
> >>> ---------
> >>> To unsubscribe, e-mail:
> >>> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apach
> >>> e.org> For additional commands, e-mail: users-help@wicket.apache.org
> >>>
> >>>
> >>>
> >>
> >> ------------------------------**------------------------------**-----
> >> ---- To unsubscribe, e-mail:
> >> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache
> >> .org> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >
> > ------------------------------**------------------------------**------
> > --- To unsubscribe, e-mail:
> > users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache.
> > org> For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Posted by Paul Bors <pa...@bors.ws>.
Sorry for the delay, it's the weekend :)
In our webapp we let the system administrator control the user session timeout which we set it via the Login page as:
WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
HttpServletRequest httpRequest = (HttpServletRequest)webRequest.getContainerRequest();
httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
I set the session duration to 1 min and tried it with the new implementation for the getSessionEntry(), waited for a good 2-3 mins and the session is never invalidated any longer as if it's no longer touched. My breakpoint on SessionEntry.valueUnbound() is not called either, unless explicitly through the Logout button which calls o.a.w.protocol.http.WebSession.get().invalidateNow();
This is what makes me think that going off the HttpSessionListener might be better.
~ Thank you,
Paul Bors
-----Original Message-----
From: Martin Grigorov [mailto:mgrigorov@apache.org]
Sent: Saturday, September 28, 2013 3:44 AM
To: users@wicket.apache.org
Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
I think both suggestions should be applied.
The intentions are more clear, IMO.
But let's wait Paul to explain what problem he faced. I don't expect problems with session timeouts because this is managed by the web container. If there is request then the session is touched. If the session is not touched for some predefined time then the web container invalidates it automatically.
On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
> Martin's explanation fits the reported stacktrace nicely.
>
> We should definitely change getSessionEntry() as proposed. I don't see
> an advantage in using an HttpSessionListener though.
>
> @Paul: What is broken now?
>
> Sven
>
>
> On 09/28/2013 12:15 AM, Paul Bors wrote:
>
>> I take that back, the new implementation breaks the session timeout.
>>
>> ~ Thank you,
>> Paul Bors
>>
>> -----Original Message-----
>> From: Paul Bors [mailto:paul@bors.ws]
>> Sent: Friday, September 27, 2013 5:51 PM
>> To: users@wicket.apache.org
>> Cc: dev@wicket.apache.org
>> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
>> (GlassFish
>> v3 and v4)
>>
>> I tested with the proposed o.a.w.p.PageStoreManager.**
>> PersistentRequestAdapter#**getSessionEntry() new implementation and
>> it's working fine in GlassFish v3.1.2.2
>>
>> I'll withdraw my GLASSFISH-20828 bug.
>>
>> Should I open a new Wicket ticket instead?
>>
>> I do think the second suggestion of using HttpSessionListener instead
>> is cleaner.
>>
>> ~ Thank you,
>> Paul Bors
>>
>> -----Original Message-----
>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>> Sent: Friday, September 27, 2013 4:09 PM
>> To: users@wicket.apache.org
>> Cc: dev@wicket.apache.org
>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
>> (GlassFish
>> v3 and v4)
>>
>> Reading your ticket against GF I think GF behaves correctly. But I
>> wonder why Tomcat/Jetty don't do this.
>>
>> So here is what happens:
>>
>> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
>> **
>> getSessionEntry
>> looks like :
>> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>> if (entry == null && create)
>> {
>> bind();
>> entry = new SessionEntry(applicationName, getSessionId()); } if
>> (entry != null) { synchronized (entry) {
>> setSessionAttribute(**getAttributeName(),
>> entry); } } return entry; }
>>
>> I think the correct code should be:
>>
>> private SessionEntry getSessionEntry(boolean create) { SessionEntry
>> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
>> if (entry == null && create)
>> {
>> bind();
>> entry = new SessionEntry(applicationName, getSessionId());
>> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>> I.e. set the SessionEntry as an attribute in the http session only
>> when it is created.
>>
>> Because with the current code we call
>> "setSessionAttribute(**getAttributeName(), entry);" even with already
>> existing entries and this leads to notifications to
>> HttpSessionBindingListener - new value is bound, old value is removed.
>>
>> I guess Tomcat and Jetty optimize this by doing identity check.
>>
>> Another solution would be SessionEntry to implement
>> HttpSessionListener instead and check the sessionId of the unbound
>> session against its own one and clean the data store if they are equal.
>>
>>
>>
>>
>>
>> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>>
>> Created
>> https://java.net/jira/browse/**GLASSFISH-20828<https://java.net/jira/
>> browse/GLASSFISH-20828>
>>> "HttpSessionBindingListener.**valueUnbound() is always called right
>>> after
>>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>>
>>> Let's see what becomes of this...
>>>
>>>
>>>
>>> -----
>>> ~ Thank you,
>>> Paul@Bors.ws
>>> --
>>> View this message in context:
>>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>> Expired-excep<http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
>>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>>> Sent from the Users forum mailing list archive at Nabble.com.
>>>
>>> ------------------------------**------------------------------**
>>> ---------
>>> To unsubscribe, e-mail:
>>> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apach
>>> e.org> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ------------------------------**------------------------------**-----
>> ---- To unsubscribe, e-mail:
>> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache
>> .org> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ------------------------------**------------------------------**------
> --- To unsubscribe, e-mail:
> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache.
> org> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3
and v4)
Posted by Martin Grigorov <mg...@apache.org>.
I think both suggestions should be applied.
The intentions are more clear, IMO.
But let's wait Paul to explain what problem he faced. I don't expect
problems with session timeouts because this is managed by the web
container. If there is request then the session is touched. If the session
is not touched for some predefined time then the web container invalidates
it automatically.
On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sv...@meiers.net> wrote:
> Martin's explanation fits the reported stacktrace nicely.
>
> We should definitely change getSessionEntry() as proposed. I don't see an
> advantage in using an HttpSessionListener though.
>
> @Paul: What is broken now?
>
> Sven
>
>
> On 09/28/2013 12:15 AM, Paul Bors wrote:
>
>> I take that back, the new implementation breaks the session timeout.
>>
>> ~ Thank you,
>> Paul Bors
>>
>> -----Original Message-----
>> From: Paul Bors [mailto:paul@bors.ws]
>> Sent: Friday, September 27, 2013 5:51 PM
>> To: users@wicket.apache.org
>> Cc: dev@wicket.apache.org
>> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish
>> v3 and v4)
>>
>> I tested with the proposed o.a.w.p.PageStoreManager.**
>> PersistentRequestAdapter#**getSessionEntry() new implementation and it's
>> working fine in GlassFish v3.1.2.2
>>
>> I'll withdraw my GLASSFISH-20828 bug.
>>
>> Should I open a new Wicket ticket instead?
>>
>> I do think the second suggestion of using HttpSessionListener instead is
>> cleaner.
>>
>> ~ Thank you,
>> Paul Bors
>>
>> -----Original Message-----
>> From: Martin Grigorov [mailto:mgrigorov@apache.org]
>> Sent: Friday, September 27, 2013 4:09 PM
>> To: users@wicket.apache.org
>> Cc: dev@wicket.apache.org
>> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish
>> v3 and v4)
>>
>> Reading your ticket against GF I think GF behaves correctly. But I wonder
>> why Tomcat/Jetty don't do this.
>>
>> So here is what happens:
>>
>> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#**
>> getSessionEntry
>> looks like :
>> private SessionEntry getSessionEntry(boolean create) { SessionEntry entry
>> = (SessionEntry)**getSessionAttribute(**getAttributeName());
>> if (entry == null && create)
>> {
>> bind();
>> entry = new SessionEntry(applicationName, getSessionId()); } if (entry
>> != null) { synchronized (entry) { setSessionAttribute(**getAttributeName(),
>> entry); } } return entry; }
>>
>> I think the correct code should be:
>>
>> private SessionEntry getSessionEntry(boolean create) { SessionEntry entry
>> = (SessionEntry)**getSessionAttribute(**getAttributeName());
>> if (entry == null && create)
>> {
>> bind();
>> entry = new SessionEntry(applicationName, getSessionId());
>> setSessionAttribute(**getAttributeName(), entry); } return entry; }
>> I.e. set the SessionEntry as an attribute in the http session only when it
>> is created.
>>
>> Because with the current code we call
>> "setSessionAttribute(**getAttributeName(), entry);" even with already
>> existing entries and this leads to notifications to
>> HttpSessionBindingListener - new value is bound, old value is removed.
>>
>> I guess Tomcat and Jetty optimize this by doing identity check.
>>
>> Another solution would be SessionEntry to implement HttpSessionListener
>> instead and check the sessionId of the unbound session against its own one
>> and clean the data store if they are equal.
>>
>>
>>
>>
>>
>> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>>
>> Created https://java.net/jira/browse/**GLASSFISH-20828<https://java.net/jira/browse/GLASSFISH-20828>
>>> "HttpSessionBindingListener.**valueUnbound() is always called right
>>> after
>>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
>>>
>>> Let's see what becomes of this...
>>>
>>>
>>>
>>> -----
>>> ~ Thank you,
>>> Paul@Bors.ws
>>> --
>>> View this message in context:
>>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
>>> Expired-excep<http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Page-Expired-excep>
>>> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
>>> Sent from the Users forum mailing list archive at Nabble.com.
>>>
>>> ------------------------------**------------------------------**
>>> ---------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.**apache.org<us...@wicket.apache.org>
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ------------------------------**------------------------------**---------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.**apache.org<us...@wicket.apache.org>
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@wicket.**apache.org<us...@wicket.apache.org>
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish
v3 and v4)
Posted by Sven Meier <sv...@meiers.net>.
Martin's explanation fits the reported stacktrace nicely.
We should definitely change getSessionEntry() as proposed. I don't see
an advantage in using an HttpSessionListener though.
@Paul: What is broken now?
Sven
On 09/28/2013 12:15 AM, Paul Bors wrote:
> I take that back, the new implementation breaks the session timeout.
>
> ~ Thank you,
> Paul Bors
>
> -----Original Message-----
> From: Paul Bors [mailto:paul@bors.ws]
> Sent: Friday, September 27, 2013 5:51 PM
> To: users@wicket.apache.org
> Cc: dev@wicket.apache.org
> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
>
> I tested with the proposed o.a.w.p.PageStoreManager.PersistentRequestAdapter#getSessionEntry() new implementation and it's working fine in GlassFish v3.1.2.2
>
> I'll withdraw my GLASSFISH-20828 bug.
>
> Should I open a new Wicket ticket instead?
>
> I do think the second suggestion of using HttpSessionListener instead is cleaner.
>
> ~ Thank you,
> Paul Bors
>
> -----Original Message-----
> From: Martin Grigorov [mailto:mgrigorov@apache.org]
> Sent: Friday, September 27, 2013 4:09 PM
> To: users@wicket.apache.org
> Cc: dev@wicket.apache.org
> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
>
> Reading your ticket against GF I think GF behaves correctly. But I wonder why Tomcat/Jetty don't do this.
>
> So here is what happens:
>
> org.apache.wicket.page.PageStoreManager.PersistentRequestAdapter#getSessionEntry
> looks like :
> private SessionEntry getSessionEntry(boolean create) { SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
> if (entry == null && create)
> {
> bind();
> entry = new SessionEntry(applicationName, getSessionId()); } if (entry != null) { synchronized (entry) { setSessionAttribute(getAttributeName(), entry); } } return entry; }
>
> I think the correct code should be:
>
> private SessionEntry getSessionEntry(boolean create) { SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
> if (entry == null && create)
> {
> bind();
> entry = new SessionEntry(applicationName, getSessionId()); setSessionAttribute(getAttributeName(), entry); } return entry; } I.e. set the SessionEntry as an attribute in the http session only when it is created.
>
> Because with the current code we call
> "setSessionAttribute(getAttributeName(), entry);" even with already existing entries and this leads to notifications to HttpSessionBindingListener - new value is bound, old value is removed.
>
> I guess Tomcat and Jetty optimize this by doing identity check.
>
> Another solution would be SessionEntry to implement HttpSessionListener instead and check the sessionId of the unbound session against its own one and clean the data store if they are equal.
>
>
>
>
>
> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
>
>> Created https://java.net/jira/browse/GLASSFISH-20828
>> "HttpSessionBindingListener.valueUnbound() is always called right
>> after
>> valueBound() with a null HttpSessionBindingEvent.getValue()"
>>
>> Let's see what becomes of this...
>>
>>
>>
>> -----
>> ~ Thank you,
>> Paul@Bors.ws
>> --
>> View this message in context:
>> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Page-Expired-excep
>> tions-in-Wicket-6-10-0-tp4661502p4661582.html
>> Sent from the Users forum mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Posted by Paul Bors <pa...@bors.ws>.
I take that back, the new implementation breaks the session timeout.
~ Thank you,
Paul Bors
-----Original Message-----
From: Paul Bors [mailto:paul@bors.ws]
Sent: Friday, September 27, 2013 5:51 PM
To: users@wicket.apache.org
Cc: dev@wicket.apache.org
Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
I tested with the proposed o.a.w.p.PageStoreManager.PersistentRequestAdapter#getSessionEntry() new implementation and it's working fine in GlassFish v3.1.2.2
I'll withdraw my GLASSFISH-20828 bug.
Should I open a new Wicket ticket instead?
I do think the second suggestion of using HttpSessionListener instead is cleaner.
~ Thank you,
Paul Bors
-----Original Message-----
From: Martin Grigorov [mailto:mgrigorov@apache.org]
Sent: Friday, September 27, 2013 4:09 PM
To: users@wicket.apache.org
Cc: dev@wicket.apache.org
Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Reading your ticket against GF I think GF behaves correctly. But I wonder why Tomcat/Jetty don't do this.
So here is what happens:
org.apache.wicket.page.PageStoreManager.PersistentRequestAdapter#getSessionEntry
looks like :
private SessionEntry getSessionEntry(boolean create) { SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
if (entry == null && create)
{
bind();
entry = new SessionEntry(applicationName, getSessionId()); } if (entry != null) { synchronized (entry) { setSessionAttribute(getAttributeName(), entry); } } return entry; }
I think the correct code should be:
private SessionEntry getSessionEntry(boolean create) { SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
if (entry == null && create)
{
bind();
entry = new SessionEntry(applicationName, getSessionId()); setSessionAttribute(getAttributeName(), entry); } return entry; } I.e. set the SessionEntry as an attribute in the http session only when it is created.
Because with the current code we call
"setSessionAttribute(getAttributeName(), entry);" even with already existing entries and this leads to notifications to HttpSessionBindingListener - new value is bound, old value is removed.
I guess Tomcat and Jetty optimize this by doing identity check.
Another solution would be SessionEntry to implement HttpSessionListener instead and check the sessionId of the unbound session against its own one and clean the data store if they are equal.
On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
> Created https://java.net/jira/browse/GLASSFISH-20828
> "HttpSessionBindingListener.valueUnbound() is always called right
> after
> valueBound() with a null HttpSessionBindingEvent.getValue()"
>
> Let's see what becomes of this...
>
>
>
> -----
> ~ Thank you,
> Paul@Bors.ws
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Page-Expired-excep
> tions-in-Wicket-6-10-0-tp4661502p4661582.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Posted by Paul Bors <pa...@bors.ws>.
I tested with the proposed o.a.w.p.PageStoreManager.PersistentRequestAdapter#getSessionEntry() new implementation and it's working fine in GlassFish v3.1.2.2
I'll withdraw my GLASSFISH-20828 bug.
Should I open a new Wicket ticket instead?
I do think the second suggestion of using HttpSessionListener instead is cleaner.
~ Thank you,
Paul Bors
-----Original Message-----
From: Martin Grigorov [mailto:mgrigorov@apache.org]
Sent: Friday, September 27, 2013 4:09 PM
To: users@wicket.apache.org
Cc: dev@wicket.apache.org
Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Reading your ticket against GF I think GF behaves correctly. But I wonder why Tomcat/Jetty don't do this.
So here is what happens:
org.apache.wicket.page.PageStoreManager.PersistentRequestAdapter#getSessionEntry
looks like :
private SessionEntry getSessionEntry(boolean create) { SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
if (entry == null && create)
{
bind();
entry = new SessionEntry(applicationName, getSessionId()); } if (entry != null) { synchronized (entry) { setSessionAttribute(getAttributeName(), entry); } } return entry; }
I think the correct code should be:
private SessionEntry getSessionEntry(boolean create) { SessionEntry entry = (SessionEntry)getSessionAttribute(getAttributeName());
if (entry == null && create)
{
bind();
entry = new SessionEntry(applicationName, getSessionId()); setSessionAttribute(getAttributeName(), entry); } return entry; } I.e. set the SessionEntry as an attribute in the http session only when it is created.
Because with the current code we call
"setSessionAttribute(getAttributeName(), entry);" even with already existing entries and this leads to notifications to HttpSessionBindingListener - new value is bound, old value is removed.
I guess Tomcat and Jetty optimize this by doing identity check.
Another solution would be SessionEntry to implement HttpSessionListener instead and check the sessionId of the unbound session against its own one and clean the data store if they are equal.
On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <pa...@bors.ws> wrote:
> Created https://java.net/jira/browse/GLASSFISH-20828
> "HttpSessionBindingListener.valueUnbound() is always called right
> after
> valueBound() with a null HttpSessionBindingEvent.getValue()"
>
> Let's see what becomes of this...
>
>
>
> -----
> ~ Thank you,
> Paul@Bors.ws
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Page-Expired-excep
> tions-in-Wicket-6-10-0-tp4661502p4661582.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org