[jira] [Commented] (GEODE-2889) Generic session module should touch sessions rather than recreate the native session

Thu, 11 May 2017 14:07:40 -0700 

    [ 
https://issues.apache.org/jira/browse/GEODE-2889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007197#comment-16007197
 ] 

ASF subversion and git services commented on GEODE-2889:
--------------------------------------------------------

Commit 1d3e0d53f2182f9ca9c680bb8927e70f204ce89d in geode's branch 
refs/heads/feature/GEODE-2632-15 from [~upthewaterspout]
[ https://git-wip-us.apache.org/repos/asf?p=geode.git;h=1d3e0d5 ]

GEODE-2889: Update the last access time of native sessions

Our getSession method had some races where we were holding onto a
reference to the native session, but not updating the last accessed time
of the native session by calling into getSession of the container. This
could allow the container to expire the session in the middle of our
method.

This closes #494


> Generic session module should touch sessions rather than recreate the native 
> session
> ------------------------------------------------------------------------------------
>
>                 Key: GEODE-2889
>                 URL: https://issues.apache.org/jira/browse/GEODE-2889
>             Project: Geode
>          Issue Type: Bug
>          Components: http session
>            Reporter: Dan Smith
>            Assignee: Dan Smith
>             Fix For: 1.2.0
>
>
> The session module for generic application servers is doing some magic to try 
> to recreate native sessions if they have been idle for too long. This can 
> cause failures if the container expires a session concurrently, because the 
> expiration can happen after we have checked if the session is valid, but 
> before we can read the session creation time.
> {noformat}
> /*
>          * This is a massively gross hack. Currently, there is no way to 
> actually update the last
>          * accessed time for a session, so what we do here is once we're into 
> X% of the session's
>          * TTL we grab a new session from the container.
>          *
>          * (inactive * 1000) * (pct / 100) ==> (inactive * 10 * pct)
>          */
>         if (session.getLastAccessedTime()
>             - session.getCreationTime() > (session.getMaxInactiveInterval() * 
> 10
>                 * percentInactiveTimeTriggerRebuild)) {
>           HttpSession nativeSession = super.getSession();
>           session.failoverSession(nativeSession);
>         }
> {noformat}
> Instead of this, we should just call getSession on the container and have it 
> update the last accessed time of the native session.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to