You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Arunachalam Sibisakkaravarthi <ar...@mcruncher.com> on 2021/09/21 03:56:46 UTC
Session instance in memory goes null
Hi guys,
User Session goes null and other user 's session is updated wrongly.
I keep track of session instances in a map with username as key
The following happens in a scenario
Assume 3 users (foouser, baruser, foobaruser) are there in the system
1. foouser was logged in
1.a) Session (id is 1) is stored in the map
2. baruser was logged in
2.a) Session (id is 2) is stored in the map
3. Session has expired for baruser
3.a) Trying to remove the baruser's session entry from the map
3.b) Got NullPointerException while accessing the session for baruser
stored in the map, because somehow the session was null, so I couldn't
remove the entry from the map for baruser
4. foobaruser was logged in
4.a) Session (id is 3) is stored in the map
4.b) Session (id as 3) is updated in the map for baruser
I have two questions
1. How was the baruser's session set to null? (step 3.b)
2. Why baruser's session was updated to the id which belongs to newly
logged in user? (step 4.b)?
Please help me to understand the problem.
*Thanks And RegardsSibi.ArunachalammCruncher*
Re: Session instance in memory goes null
Posted by Martin Grigorov <mg...@apache.org>.
On Wed, Sep 22, 2021 at 7:33 AM Arunachalam Sibisakkaravarthi <
arunachalam@mcruncher.com> wrote:
> Is there a way to get all Active Sessions?
> Is it possible to get Session using its id?
>
No. There is no such Servlet API.
You need to keep track of them yourself, as you already do.
>
>
>
> *Thanks And RegardsSibi.ArunachalammCruncher*
>
>
> On Tue, Sep 21, 2021 at 3:27 PM Arunachalam Sibisakkaravarthi <
> arunachalam@mcruncher.com> wrote:
>
> > Okay, the map is kept in implementation of HttpSessionStore where
> onUnbind method
> > is overridden to remove the session entry from the map.
> >
> > This problem also happens when I click logout button in my app where
> > following code will be executed
> >
> > LOGGER.info("Invalidating the session {} ...",
> getCustomSession().getId());
> > getCoreSession().invalidateNow();
> >
> > LOGGER.info("Session invalidated?: {}",
> getSession().isSessionInvalidated());
> > LOGGER.info("Replacing the current session with a new one to protect
> against session fixation attacks...");
> > getCustomSession().replaceSession(); //tried using changeSessionId, but
> it doesn't help
> >
> >
> >
> >
> > *Thanks And RegardsSibi.ArunachalammCruncher*
> >
> >
> > On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mg...@apache.org>
> > wrote:
> >
> >> Hi,
> >>
> >> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
> >> arunachalam@mcruncher.com> wrote:
> >>
> >> > Hi guys,
> >> > User Session goes null and other user 's session is updated wrongly.
> >> >
> >> > I keep track of session instances in a map with username as key
> >> >
> >>
> >> Where do you keep this map ?
> >> I guess in some custom implementation of HttpSessionListener ?!
> >>
> >>
> >> > The following happens in a scenario
> >> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
> >> >
> >> > 1. foouser was logged in
> >> > 1.a) Session (id is 1) is stored in the map
> >> > 2. baruser was logged in
> >> > 2.a) Session (id is 2) is stored in the map
> >> > 3. Session has expired for baruser
> >> > 3.a) Trying to remove the baruser's session entry from the map
> >> > 3.b) Got NullPointerException while accessing the session for
> >> baruser
> >> > stored in the map, because somehow the session was null, so I couldn't
> >> > remove the entry from the map for baruser
> >> > 4. foobaruser was logged in
> >> > 4.a) Session (id is 3) is stored in the map
> >> > 4.b) Session (id as 3) is updated in the map for baruser
> >> >
> >> > I have two questions
> >> > 1. How was the baruser's session set to null? (step 3.b)
> >> > 2. Why baruser's session was updated to the id which belongs to newly
> >> > logged in user? (step 4.b)?
> >> >
> >> > Please help me to understand the problem.
> >> >
> >>
> >> Since the map is managed in your application code we cannot tell you
> >> without seeing your code.
> >>
> >>
> >> >
> >> >
> >> >
> >> > *Thanks And RegardsSibi.ArunachalammCruncher*
> >> >
> >>
> >
>
Re: Session instance in memory goes null
Posted by Arunachalam Sibisakkaravarthi <ar...@mcruncher.com>.
Is there a way to get all Active Sessions?
Is it possible to get Session using its id?
*Thanks And RegardsSibi.ArunachalammCruncher*
On Tue, Sep 21, 2021 at 3:27 PM Arunachalam Sibisakkaravarthi <
arunachalam@mcruncher.com> wrote:
> Okay, the map is kept in implementation of HttpSessionStore where onUnbind method
> is overridden to remove the session entry from the map.
>
> This problem also happens when I click logout button in my app where
> following code will be executed
>
> LOGGER.info("Invalidating the session {} ...", getCustomSession().getId());
> getCoreSession().invalidateNow();
>
> LOGGER.info("Session invalidated?: {}", getSession().isSessionInvalidated());
> LOGGER.info("Replacing the current session with a new one to protect against session fixation attacks...");
> getCustomSession().replaceSession(); //tried using changeSessionId, but it doesn't help
>
>
>
>
> *Thanks And RegardsSibi.ArunachalammCruncher*
>
>
> On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mg...@apache.org>
> wrote:
>
>> Hi,
>>
>> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
>> arunachalam@mcruncher.com> wrote:
>>
>> > Hi guys,
>> > User Session goes null and other user 's session is updated wrongly.
>> >
>> > I keep track of session instances in a map with username as key
>> >
>>
>> Where do you keep this map ?
>> I guess in some custom implementation of HttpSessionListener ?!
>>
>>
>> > The following happens in a scenario
>> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
>> >
>> > 1. foouser was logged in
>> > 1.a) Session (id is 1) is stored in the map
>> > 2. baruser was logged in
>> > 2.a) Session (id is 2) is stored in the map
>> > 3. Session has expired for baruser
>> > 3.a) Trying to remove the baruser's session entry from the map
>> > 3.b) Got NullPointerException while accessing the session for
>> baruser
>> > stored in the map, because somehow the session was null, so I couldn't
>> > remove the entry from the map for baruser
>> > 4. foobaruser was logged in
>> > 4.a) Session (id is 3) is stored in the map
>> > 4.b) Session (id as 3) is updated in the map for baruser
>> >
>> > I have two questions
>> > 1. How was the baruser's session set to null? (step 3.b)
>> > 2. Why baruser's session was updated to the id which belongs to newly
>> > logged in user? (step 4.b)?
>> >
>> > Please help me to understand the problem.
>> >
>>
>> Since the map is managed in your application code we cannot tell you
>> without seeing your code.
>>
>>
>> >
>> >
>> >
>> > *Thanks And RegardsSibi.ArunachalammCruncher*
>> >
>>
>
Re: Session instance in memory goes null
Posted by Arunachalam Sibisakkaravarthi <ar...@mcruncher.com>.
Okay, the map is kept in implementation of HttpSessionStore where
onUnbind method
is overridden to remove the session entry from the map.
This problem also happens when I click logout button in my app where
following code will be executed
LOGGER.info("Invalidating the session {} ...", getCustomSession().getId());
getCoreSession().invalidateNow();
LOGGER.info("Session invalidated?: {}", getSession().isSessionInvalidated());
LOGGER.info("Replacing the current session with a new one to protect
against session fixation attacks...");
getCustomSession().replaceSession(); //tried using changeSessionId,
but it doesn't help
*Thanks And RegardsSibi.ArunachalammCruncher*
On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mg...@apache.org>
wrote:
> Hi,
>
> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
> arunachalam@mcruncher.com> wrote:
>
> > Hi guys,
> > User Session goes null and other user 's session is updated wrongly.
> >
> > I keep track of session instances in a map with username as key
> >
>
> Where do you keep this map ?
> I guess in some custom implementation of HttpSessionListener ?!
>
>
> > The following happens in a scenario
> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
> >
> > 1. foouser was logged in
> > 1.a) Session (id is 1) is stored in the map
> > 2. baruser was logged in
> > 2.a) Session (id is 2) is stored in the map
> > 3. Session has expired for baruser
> > 3.a) Trying to remove the baruser's session entry from the map
> > 3.b) Got NullPointerException while accessing the session for
> baruser
> > stored in the map, because somehow the session was null, so I couldn't
> > remove the entry from the map for baruser
> > 4. foobaruser was logged in
> > 4.a) Session (id is 3) is stored in the map
> > 4.b) Session (id as 3) is updated in the map for baruser
> >
> > I have two questions
> > 1. How was the baruser's session set to null? (step 3.b)
> > 2. Why baruser's session was updated to the id which belongs to newly
> > logged in user? (step 4.b)?
> >
> > Please help me to understand the problem.
> >
>
> Since the map is managed in your application code we cannot tell you
> without seeing your code.
>
>
> >
> >
> >
> > *Thanks And RegardsSibi.ArunachalammCruncher*
> >
>
Re: Session instance in memory goes null
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
arunachalam@mcruncher.com> wrote:
> Hi guys,
> User Session goes null and other user 's session is updated wrongly.
>
> I keep track of session instances in a map with username as key
>
Where do you keep this map ?
I guess in some custom implementation of HttpSessionListener ?!
> The following happens in a scenario
> Assume 3 users (foouser, baruser, foobaruser) are there in the system
>
> 1. foouser was logged in
> 1.a) Session (id is 1) is stored in the map
> 2. baruser was logged in
> 2.a) Session (id is 2) is stored in the map
> 3. Session has expired for baruser
> 3.a) Trying to remove the baruser's session entry from the map
> 3.b) Got NullPointerException while accessing the session for baruser
> stored in the map, because somehow the session was null, so I couldn't
> remove the entry from the map for baruser
> 4. foobaruser was logged in
> 4.a) Session (id is 3) is stored in the map
> 4.b) Session (id as 3) is updated in the map for baruser
>
> I have two questions
> 1. How was the baruser's session set to null? (step 3.b)
> 2. Why baruser's session was updated to the id which belongs to newly
> logged in user? (step 4.b)?
>
> Please help me to understand the problem.
>
Since the map is managed in your application code we cannot tell you
without seeing your code.
>
>
>
> *Thanks And RegardsSibi.ArunachalammCruncher*
>