Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-5735

Session not reliably bound to SessionReplicationContext if SecurityAssocationValve not present

    XMLWordPrintable

    Details

      Description

      The call in JBossCacheManager.findSession(String id) to SessionReplicationContext.bindSession(...) only binds the session if ClusteredSessionValve has first called SessionReplicationContext.enterWebapp() to establish the context. The problem is, if any code calls Request.getSession(...) before ClusteredSessionValve is invoked, the session will be cached in the request, not bound to the context, and subsequent calls to Request.getSession(...) will use the cached session and never call JBossCacheManager.findSession(...). Result is the session will never be bound to the context and won't be replicated.

      BatchReplicationClusteredSessionValve calls Request.getSession(...) before ClusteredSessionValve is invoked. SecurityAssocationValve happens to save us, by providentially calling Manager.findSession(...) after the request has passed through ClusteredSessionValve. But that's just good luck; we need to make sure the session is properly bound to the context.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                brian.stansberry Brian Stansberry
                Reporter:
                brian.stansberry Brian Stansberry
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: