You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Ernesto Reinaldo Barreiro (Jira)" <ji...@apache.org> on 2020/10/30 12:03:00 UTC
[jira] [Comment Edited] (WICKET-6848) Session invalidation fails
because response is already committed
[ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17223601#comment-17223601 ]
Ernesto Reinaldo Barreiro edited comment on WICKET-6848 at 10/30/20, 12:02 PM:
-------------------------------------------------------------------------------
Hi Emond,
+ if (reqProcessed && !Session.isSessionInvalidated(requestCycle))
{
Cannot this be Session.get().isInvalidated()? Or was session already detached from request thread?
was (Author: reiern70):
Hi Emond,
+ if (reqProcessed && !Session.isSessionInvalidated(requestCycle))
{
Cannot this be Session.get().isInvalidated()? Or session was already detached from request thread?
> Session invalidation fails because response is already committed
> ----------------------------------------------------------------
>
> Key: WICKET-6848
> URL: https://issues.apache.org/jira/browse/WICKET-6848
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
> Affects Versions: 9.1.0
> Reporter: Emond Papegaaij
> Priority: Major
> Attachments: WICKET-6848.diff, wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely related to the changes made with WICKET-6831. We are currently checking if this has been fixed by the latest changes on master, but I believe this is a different issue.
> From the stacktrace I deduce that the session is invalidated as part of detach, but as detach is now called after flush, it is no longer possible to invalidate the HttpSession at this point (you cannot clear the JSESSIONID cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 after the response was committed (e.g. after HttpServletResponse.sendRedirect or sendError)
> at org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> at org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.jrHandle(ServletInitialHandler.java:40001)
> at io.undertow.servlet@2.1.3.Final//org.zeroturnaround.javarebel.integration.servlet.undertow.cbp.ServletInitialHandlerCBP.handleRequest(ServletInitialHandlerCBP.java:138)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
> at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
> at io.undertow.core@2.1.3.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
> at io.undertow.core@2.1.3.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.base/java.lang.Thread.run(Thread.java:834)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)