wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Grigorov <mgrigo...@apache.org>
Subject Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish v3 and v4)
Date Mon, 30 Sep 2013 09:32:17 GMT
I'll test this and let you know.


On Sat, Sep 28, 2013 at 10:37 PM, Paul Bors <paul@bors.ws> wrote:

> Sorry for the delay, it's the weekend :)
>
> In our webapp we let the system administrator control the user session
> timeout which we set it via the Login page as:
> WebRequest webRequest = (WebRequest)RequestCycle.get().getRequest();
> HttpServletRequest httpRequest =
> (HttpServletRequest)webRequest.getContainerRequest();
> httpRequest.getSession().setMaxInactiveInterval(sessionDuration);
>
> I set the session duration to 1 min and tried it with the new
> implementation for the getSessionEntry(), waited for a good 2-3 mins and
> the session is never invalidated any longer as if it's no longer touched.
> My breakpoint on SessionEntry.valueUnbound() is not called either, unless
> explicitly through the Logout button which calls
> o.a.w.protocol.http.WebSession.get().invalidateNow();
>
> This is what makes me think that going off the HttpSessionListener might
> be better.
>
> ~ Thank you,
>   Paul Bors
>
> -----Original Message-----
> From: Martin Grigorov [mailto:mgrigorov@apache.org]
> Sent: Saturday, September 28, 2013 3:44 AM
> To: users@wicket.apache.org
> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0 (GlassFish
> v3 and v4)
>
> I think both suggestions should be applied.
> The intentions are more clear, IMO.
>
> But let's wait Paul to explain what problem he faced. I don't expect
> problems with session timeouts because this is managed by the web
> container. If there is request then the session is touched. If the session
> is not touched for some predefined time then the web container invalidates
> it automatically.
>
>
> On Sat, Sep 28, 2013 at 8:48 AM, Sven Meier <sven@meiers.net> wrote:
>
> > Martin's explanation fits the reported stacktrace nicely.
> >
> > We should definitely change getSessionEntry() as proposed. I don't see
> > an advantage in using an HttpSessionListener though.
> >
> > @Paul: What is broken now?
> >
> > Sven
> >
> >
> > On 09/28/2013 12:15 AM, Paul Bors wrote:
> >
> >> I take that back, the new implementation breaks the session timeout.
> >>
> >> ~ Thank you,
> >>    Paul Bors
> >>
> >> -----Original Message-----
> >> From: Paul Bors [mailto:paul@bors.ws]
> >> Sent: Friday, September 27, 2013 5:51 PM
> >> To: users@wicket.apache.org
> >> Cc: dev@wicket.apache.org
> >> Subject: RE: Bunch of Page Expired exceptions in Wicket 6.10.0
> >> (GlassFish
> >> v3 and v4)
> >>
> >> I tested with the proposed o.a.w.p.PageStoreManager.**
> >> PersistentRequestAdapter#**getSessionEntry() new implementation and
> >> it's working fine in GlassFish v3.1.2.2
> >>
> >> I'll withdraw my GLASSFISH-20828 bug.
> >>
> >> Should I open a new Wicket ticket instead?
> >>
> >> I do think the second suggestion of using HttpSessionListener instead
> >> is cleaner.
> >>
> >> ~ Thank you,
> >>    Paul Bors
> >>
> >> -----Original Message-----
> >> From: Martin Grigorov [mailto:mgrigorov@apache.org]
> >> Sent: Friday, September 27, 2013 4:09 PM
> >> To: users@wicket.apache.org
> >> Cc: dev@wicket.apache.org
> >> Subject: Re: Bunch of Page Expired exceptions in Wicket 6.10.0
> >> (GlassFish
> >> v3 and v4)
> >>
> >> Reading your ticket against GF I think GF behaves correctly. But I
> >> wonder why Tomcat/Jetty don't do this.
> >>
> >> So here is what happens:
> >>
> >> org.apache.wicket.page.**PageStoreManager.**PersistentRequestAdapter#
> >> **
> >> getSessionEntry
> >> looks like :
> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
> >>   if (entry == null && create)
> >> {
> >> bind();
> >>   entry = new SessionEntry(applicationName, getSessionId()); } if
> >> (entry != null)  { synchronized (entry) {
> >> setSessionAttribute(**getAttributeName(),
> >> entry);  } } return entry; }
> >>
> >> I think the correct code should be:
> >>
> >> private SessionEntry getSessionEntry(boolean create) { SessionEntry
> >> entry = (SessionEntry)**getSessionAttribute(**getAttributeName());
> >>   if (entry == null && create)
> >> {
> >> bind();
> >>   entry = new SessionEntry(applicationName, getSessionId());
> >> setSessionAttribute(**getAttributeName(), entry);  } return entry; }
> >> I.e. set the SessionEntry as an attribute in the http session only
> >> when it is created.
> >>
> >> Because with the current code we call
> >> "setSessionAttribute(**getAttributeName(), entry);" even with already
> >> existing entries and this leads to notifications to
> >> HttpSessionBindingListener - new value is bound, old value is removed.
> >>
> >> I guess Tomcat and Jetty optimize this by doing identity check.
> >>
> >> Another solution would be SessionEntry to implement
> >> HttpSessionListener instead and check the sessionId of the unbound
> >> session against its own one and clean the data store if they are equal.
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Sep 27, 2013 at 9:20 PM, Paul Bors <paul@bors.ws> wrote:
> >>
> >>  Created
> >> https://java.net/jira/browse/**GLASSFISH-20828<https://java.net/jira/
> >> browse/GLASSFISH-20828>
> >>> "HttpSessionBindingListener.**valueUnbound() is always called right
> >>> after
> >>> valueBound() with a null HttpSessionBindingEvent.**getValue()"
> >>>
> >>> Let's see what becomes of this...
> >>>
> >>>
> >>>
> >>> -----
> >>> ~ Thank you,
> >>>      Paul@Bors.ws
> >>> --
> >>> View this message in context:
> >>> http://apache-wicket.1842946.**n4.nabble.com/Bunch-of-Page-**
> >>> Expired-excep<http://apache-wicket.1842946.n4.nabble.com/Bunch-of-Pa
> >>> ge-Expired-excep> tions-in-Wicket-6-10-0-**tp4661502p4661582.html
> >>> Sent from the Users forum mailing list archive at Nabble.com.
> >>>
> >>> ------------------------------**------------------------------**
> >>> ---------
> >>> To unsubscribe, e-mail:
> >>> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apach
> >>> e.org> For additional commands, e-mail: users-help@wicket.apache.org
> >>>
> >>>
> >>>
> >>
> >> ------------------------------**------------------------------**-----
> >> ---- To unsubscribe, e-mail:
> >> users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache
> >> .org> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >
> > ------------------------------**------------------------------**------
> > --- To unsubscribe, e-mail:
> > users-unsubscribe@wicket.**apache.org<users-unsubscribe@wicket.apache.
> > org> For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message