You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Greg Huber <gr...@gmail.com> on 2022/08/14 07:24:23 UTC
tokenSession is null on redeploy app via tomcat manager
I have an issue when I redeploy my war via tomcat manager.
eg If I have an active session, ie I am using my application, then I
redeploy a new version of the war, the token helper seems to loose the
session token :
2022-08-13 07:07:18,705 WARN org.apache.struts2.util.TokenHelper
TokenHelper:validToken - Form token E9TSCAMBY5AL0Z7TA0RNKJ83KY9XK8F2
does not match the session token null.
2022-08-13 07:07:21,952 WARN org.apache.struts2.util.TokenHelper
TokenHelper:validToken - Form token FGHUJQPU552FTQ6KG8Y8CR3DPH3G1VSX
does not match the session token null.
2022-08-13 07:07:23,101 WARN org.apache.struts2.util.TokenHelper
TokenHelper:validToken - Form token PX7FL87XNZA4EK1TBC25BNU5MTBEPQV2
does not match the session token null.
2022-08-13 07:07:24,002 WARN org.apache.struts2.util.TokenHelper
TokenHelper:validToken - Form token 7SA02JFB2ASPB9P9P9J6AC0DVEWW3PSK
does not match the session token null.
2022-08-13 07:07:24,804 WARN org.apache.struts2.util.TokenHelper
TokenHelper:validToken - Form token 3S1BNJBLOXILUAJLPLL5MBUQREHVQ7G3
does not match the session token null.
2022-08-13 07:07:25,889 WARN org.apache.struts2.util.TokenHelper
TokenHelper:validToken - Form token B2QB8B97K39ZMO6APHVM2BE3DURW2EWI
does not match the session token null.
None of my crud screens work, it just returns to the input with no errors.
To fix this I have to manually logoff and on again.
I cannot work out how to reset the session token. Is this normal when
redeploying an app?
<interceptor-ref name="tokenSession">
<param name="includeMethods">save</param>
</interceptor-ref>
TokenHelper:
Map session = ActionContext.getContext().getSession();
String tokenSessionName =
buildTokenSessionAttributeName(tokenName);
String sessionToken = (String) session.get(tokenSessionName);
if (!token.equals(sessionToken)) {
if (LOG.isWarnEnabled()) {
LocalizedTextProvider localizedTextProvider =
ActionContext.getContext().getContainer().getInstance(LocalizedTextProvider.class);
LOG.warn(localizedTextProvider.findText(TokenHelper.class,
"struts.internal.invalid.token", ActionContext.getContext().getLocale(),
"Form token {0} does not match the session token {1}.", new Object[]{
token, sessionToken
}));
}
return false;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Greg Huber <gr...@gmail.com>.
I will try the session save, but my login works and has nothing to do with
struts.
...I also tried stopping tomcat and deleting the work folder
(SESSIONS.ser), and restating. Everything works OK.
I will read up also on redeploying tomcat.
Thanks.
On Wed, 17 Aug 2022 at 14:52, Yasser Zamani <ya...@live.com> wrote:
> No it's for a long time ago. I even don't remember exactly where was
> that option. I guess it was at 'undeploy' where we were able to keep
> sessions.
>
> @Greg could you please google "tomcat manager redeploy sessions" to see
> if you've configured tomcat correctly, or you haven't disabled session
> persistence? For example looks like sessions will be gone on redeploy
> due to security reasons [1].
>
> If you believe that it's a Struts BUG then could you please in your
> application in an action for example, store something in session using
> pure java (i.e. don't use Struts). In another action restore and display
> it. Meanwhile try redeploy to see if it belongs to Tomcat, or no it
> works and so belongs to Struts.
>
> TIA
>
> Regards
>
> [1] https://stackoverflow.com/q/56574258/1362623
>
> On 8/17/2022 6:02 PM, Lukasz Lenart wrote:
> > Has it started recently? Tomcat by default serializes all sessions and
> > tries to restore them on application reload.
> >
> https://serverfault.com/questions/300222/invalidate-all-sessions-at-application-reload
> >
> >
> > Regards
> >
> > --
> > Łukasz
> > + 48 606 323 122 http://www.lenart.org.pl/
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > For additional commands, e-mail: dev-help@struts.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Yasser Zamani <ya...@live.com>.
No it's for a long time ago. I even don't remember exactly where was
that option. I guess it was at 'undeploy' where we were able to keep
sessions.
@Greg could you please google "tomcat manager redeploy sessions" to see
if you've configured tomcat correctly, or you haven't disabled session
persistence? For example looks like sessions will be gone on redeploy
due to security reasons [1].
If you believe that it's a Struts BUG then could you please in your
application in an action for example, store something in session using
pure java (i.e. don't use Struts). In another action restore and display
it. Meanwhile try redeploy to see if it belongs to Tomcat, or no it
works and so belongs to Struts.
TIA
Regards
[1] https://stackoverflow.com/q/56574258/1362623
On 8/17/2022 6:02 PM, Lukasz Lenart wrote:
> Has it started recently? Tomcat by default serializes all sessions and
> tries to restore them on application reload.
> https://serverfault.com/questions/300222/invalidate-all-sessions-at-application-reload
>
>
> Regards
>
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Greg Huber <gr...@gmail.com>.
I have done some more testing and I have not been able to determine yet
what is causing it, as it only happens sometimes. I will take at a look at
the interceptor code as well as the TokenHelper, and do some more testing.
Thanks for taking a look.
On Thu, 18 Aug 2022 at 07:53, Yasser Zamani <ya...@apache.org> wrote:
>
>
> On 8/17/2022 10:50 PM, Greg Huber wrote:
> > It is only when I have an active session and then redeploy with the
> manager
> > app.
>
> Thanks for clarifications Greg! So I guess it's an expected behavior due
> to security reasons [1]. Isn't it? you might ask on Tomcat's user list.
> They know better.
>
> Regards
>
> [1] https://stackoverflow.com/a/56580107/1362623
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Yasser Zamani <ya...@apache.org>.
On 8/17/2022 10:50 PM, Greg Huber wrote:
> It is only when I have an active session and then redeploy with the manager
> app.
Thanks for clarifications Greg! So I guess it's an expected behavior due
to security reasons [1]. Isn't it? you might ask on Tomcat's user list.
They know better.
Regards
[1] https://stackoverflow.com/a/56580107/1362623
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Greg Huber <gr...@gmail.com>.
Ever since I have been using the manager app to deploy my war (about a
year). Before I did it manually on the server.
If I stop and start the server it works OK. I also tried stopping tomcat,
deleting the exploded war folder and then starting tomcat, it still works.
It is only when I have an active session and then redeploy with the manager
app.
On Wed, 17 Aug 2022 at 14:32, Lukasz Lenart <lu...@apache.org> wrote:
> Has it started recently? Tomcat by default serializes all sessions and
> tries to restore them on application reload.
>
> https://serverfault.com/questions/300222/invalidate-all-sessions-at-application-reload
>
>
> Regards
>
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Lukasz Lenart <lu...@apache.org>.
Has it started recently? Tomcat by default serializes all sessions and
tries to restore them on application reload.
https://serverfault.com/questions/300222/invalidate-all-sessions-at-application-reload
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Greg Huber <gr...@gmail.com>.
OK, keep session, I will have a look and see if it fixes it.
Thanks.
On Wed, 17 Aug 2022 at 14:17, Yasser Zamani <ya...@apache.org> wrote:
> Hi Greg,
>
> I remember Tomcat Manager had an option titled "keep session" when you
> deploy. Have you seen/tried it?
>
> Regards
>
> On 8/14/2022 11:54 AM, Greg Huber wrote:
> > I have an issue when I redeploy my war via tomcat manager.
> >
> > eg If I have an active session, ie I am using my application, then I
> > redeploy a new version of the war, the token helper seems to loose the
> > session token :
> >
> > 2022-08-13 07:07:18,705 WARN org.apache.struts2.util.TokenHelper
> > TokenHelper:validToken - Form token E9TSCAMBY5AL0Z7TA0RNKJ83KY9XK8F2
> > does not match the session token null.
> > 2022-08-13 07:07:21,952 WARN org.apache.struts2.util.TokenHelper
> > TokenHelper:validToken - Form token FGHUJQPU552FTQ6KG8Y8CR3DPH3G1VSX
> > does not match the session token null.
> > 2022-08-13 07:07:23,101 WARN org.apache.struts2.util.TokenHelper
> > TokenHelper:validToken - Form token PX7FL87XNZA4EK1TBC25BNU5MTBEPQV2
> > does not match the session token null.
> > 2022-08-13 07:07:24,002 WARN org.apache.struts2.util.TokenHelper
> > TokenHelper:validToken - Form token 7SA02JFB2ASPB9P9P9J6AC0DVEWW3PSK
> > does not match the session token null.
> > 2022-08-13 07:07:24,804 WARN org.apache.struts2.util.TokenHelper
> > TokenHelper:validToken - Form token 3S1BNJBLOXILUAJLPLL5MBUQREHVQ7G3
> > does not match the session token null.
> > 2022-08-13 07:07:25,889 WARN org.apache.struts2.util.TokenHelper
> > TokenHelper:validToken - Form token B2QB8B97K39ZMO6APHVM2BE3DURW2EWI
> > does not match the session token null.
> >
> > None of my crud screens work, it just returns to the input with no
> errors.
> >
> > To fix this I have to manually logoff and on again.
> >
> > I cannot work out how to reset the session token. Is this normal when
> > redeploying an app?
> >
> >
> > <interceptor-ref name="tokenSession">
> > <param name="includeMethods">save</param>
> > </interceptor-ref>
> >
> > TokenHelper:
> >
> > Map session = ActionContext.getContext().getSession();
> > String tokenSessionName =
> > buildTokenSessionAttributeName(tokenName);
> > String sessionToken = (String) session.get(tokenSessionName);
> >
> > if (!token.equals(sessionToken)) {
> > if (LOG.isWarnEnabled()) {
> > LocalizedTextProvider localizedTextProvider =
> >
> ActionContext.getContext().getContainer().getInstance(LocalizedTextProvider.class);
>
> >
> > LOG.warn(localizedTextProvider.findText(TokenHelper.class,
> > "struts.internal.invalid.token", ActionContext.getContext().getLocale(),
> > "Form token {0} does not match the session token {1}.", new Object[]{
> > token, sessionToken
> > }));
> > }
> >
> > return false;
> > }
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > For additional commands, e-mail: dev-help@struts.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: tokenSession is null on redeploy app via tomcat manager
Posted by Yasser Zamani <ya...@apache.org>.
Hi Greg,
I remember Tomcat Manager had an option titled "keep session" when you
deploy. Have you seen/tried it?
Regards
On 8/14/2022 11:54 AM, Greg Huber wrote:
> I have an issue when I redeploy my war via tomcat manager.
>
> eg If I have an active session, ie I am using my application, then I
> redeploy a new version of the war, the token helper seems to loose the
> session token :
>
> 2022-08-13 07:07:18,705 WARN org.apache.struts2.util.TokenHelper
> TokenHelper:validToken - Form token E9TSCAMBY5AL0Z7TA0RNKJ83KY9XK8F2
> does not match the session token null.
> 2022-08-13 07:07:21,952 WARN org.apache.struts2.util.TokenHelper
> TokenHelper:validToken - Form token FGHUJQPU552FTQ6KG8Y8CR3DPH3G1VSX
> does not match the session token null.
> 2022-08-13 07:07:23,101 WARN org.apache.struts2.util.TokenHelper
> TokenHelper:validToken - Form token PX7FL87XNZA4EK1TBC25BNU5MTBEPQV2
> does not match the session token null.
> 2022-08-13 07:07:24,002 WARN org.apache.struts2.util.TokenHelper
> TokenHelper:validToken - Form token 7SA02JFB2ASPB9P9P9J6AC0DVEWW3PSK
> does not match the session token null.
> 2022-08-13 07:07:24,804 WARN org.apache.struts2.util.TokenHelper
> TokenHelper:validToken - Form token 3S1BNJBLOXILUAJLPLL5MBUQREHVQ7G3
> does not match the session token null.
> 2022-08-13 07:07:25,889 WARN org.apache.struts2.util.TokenHelper
> TokenHelper:validToken - Form token B2QB8B97K39ZMO6APHVM2BE3DURW2EWI
> does not match the session token null.
>
> None of my crud screens work, it just returns to the input with no errors.
>
> To fix this I have to manually logoff and on again.
>
> I cannot work out how to reset the session token. Is this normal when
> redeploying an app?
>
>
> <interceptor-ref name="tokenSession">
> <param name="includeMethods">save</param>
> </interceptor-ref>
>
> TokenHelper:
>
> Map session = ActionContext.getContext().getSession();
> String tokenSessionName =
> buildTokenSessionAttributeName(tokenName);
> String sessionToken = (String) session.get(tokenSessionName);
>
> if (!token.equals(sessionToken)) {
> if (LOG.isWarnEnabled()) {
> LocalizedTextProvider localizedTextProvider =
> ActionContext.getContext().getContainer().getInstance(LocalizedTextProvider.class);
>
> LOG.warn(localizedTextProvider.findText(TokenHelper.class,
> "struts.internal.invalid.token", ActionContext.getContext().getLocale(),
> "Form token {0} does not match the session token {1}.", new Object[]{
> token, sessionToken
> }));
> }
>
> return false;
> }
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org