glassfish
  1. glassfish
  2. GLASSFISH-5574

Make HTTP session versioning thread-safe

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 9.1pe
    • Fix Version/s: 9.1.1_dev
    • Component/s: failover
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Sun

    • Issuezilla Id:
      5,574
    • Status Whiteboard:
      Hide

      911Approved

      Show
      911Approved

      Description

      This is to prevent a scenario where the same HTTP session is accessed
      concurrently by multiple threads, and each thread increments the session's version
      in an unsynchronized fashion, which may result in the session version returned
      in one of the responses (and submitted with a subsequent request) getting ahead
      of the version of the cached session on the server (due to visibility issues),
      resulting in session loss.

        Activity

        Hide
        jluehe added a comment -

        Fixed in v3 (minus the change in appserv-core-ee, which does not yet exist in v3):

        Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java
        Sending
        web/web-core/src/main/java/org/apache/catalina/core/ApplicationHttpRequest.java
        Sending web/web-core/src/main/java/org/apache/catalina/session/StandardSession.java
        Transmitting file data ...
        Committed revision 22180.

        Show
        jluehe added a comment - Fixed in v3 (minus the change in appserv-core-ee, which does not yet exist in v3): Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java Sending web/web-core/src/main/java/org/apache/catalina/core/ApplicationHttpRequest.java Sending web/web-core/src/main/java/org/apache/catalina/session/StandardSession.java Transmitting file data ... Committed revision 22180.
        Hide
        harpreet added a comment -

        Approved for v2.1

        Show
        harpreet added a comment - Approved for v2.1
        Hide
        jluehe added a comment -

        Checking in
        appserv-webtier/src/java/org/apache/catalina/core/ApplicationHttpRequest.java;
        /cvs/glassfish/appserv-webtier/src/java/org/apache/catalina/core/ApplicationHttpRequest.java,v
        <-- ApplicationHttpRequest.java
        new revision: 1.16.6.2; previous revision: 1.16.6.1
        done
        Checking in
        appserv-webtier/src/java/org/apache/catalina/session/StandardSession.java;
        /cvs/glassfish/appserv-webtier/src/java/org/apache/catalina/session/StandardSession.java,v
        <-- StandardSession.java
        new revision: 1.34.6.15; previous revision: 1.34.6.14
        done
        Checking in appserv-webtier/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java;
        /cvs/glassfish/appserv-webtier/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java,v
        <-- CoyoteRequest.java
        new revision: 1.67.2.11; previous revision: 1.67.2.10
        done
        Checking in
        appserv-core-ee/http-session-persistence/src/java/com/sun/enterprise/ee/web/sessmgmt/HASession.java;
        /cvs/glassfish/appserv-core-ee/http-session-persistence/src/java/com/sun/enterprise/ee/web/sessmgmt/HASession.java,v
        <-- HASession.java
        new revision: 1.5.6.3; previous revision: 1.5.6.2
        done

        Show
        jluehe added a comment - Checking in appserv-webtier/src/java/org/apache/catalina/core/ApplicationHttpRequest.java; /cvs/glassfish/appserv-webtier/src/java/org/apache/catalina/core/ApplicationHttpRequest.java,v <-- ApplicationHttpRequest.java new revision: 1.16.6.2; previous revision: 1.16.6.1 done Checking in appserv-webtier/src/java/org/apache/catalina/session/StandardSession.java; /cvs/glassfish/appserv-webtier/src/java/org/apache/catalina/session/StandardSession.java,v <-- StandardSession.java new revision: 1.34.6.15; previous revision: 1.34.6.14 done Checking in appserv-webtier/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java; /cvs/glassfish/appserv-webtier/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java,v <-- CoyoteRequest.java new revision: 1.67.2.11; previous revision: 1.67.2.10 done Checking in appserv-core-ee/http-session-persistence/src/java/com/sun/enterprise/ee/web/sessmgmt/HASession.java; /cvs/glassfish/appserv-core-ee/http-session-persistence/src/java/com/sun/enterprise/ee/web/sessmgmt/HASession.java,v <-- HASession.java new revision: 1.5.6.3; previous revision: 1.5.6.2 done

          People

          • Assignee:
            jluehe
            Reporter:
            jluehe
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: