[Bug 64043] New: DeltaManager Form Authentication Fails to Replicate Changes in Sessions

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64043

            Bug ID: 64043
           Summary: DeltaManager Form Authentication Fails to Replicate
                    Changes in Sessions
           Product: Tomcat 9
           Version: 9.0.30
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Cluster
          Assignee: dev@tomcat.apache.org
          Reporter: kenneth.gend...@gmail.com
  Target Milestone: -----

Perhaps I am doing something wrong.  When using FORM authentication with a
DeltaManager cluster, the sessions do not get replicated properly.  The manager
will send the initial "session-created" message to the cluster members when a
browser first connects; however, when authenticated, the new session ID (which
is generated during the authentication process) is not replicated with a new
"session-created" message.  Instead, the manager skips over sending a new
"session-created" message, and proceeds directly to "session-delta" messages
using the new session ID.  The only problem is the manager cannot find a
matching session, and drops the offending messages.

The following is the basic cluster configuration I am using.

<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
        <Manager className="org.apache.catalina.ha.session.DeltaManager"
                expireSessionsOnShutdown="false"
                notifyListenersOnReplication="true"/>
        <Channel className="org.apache.catalina.tribes.group.GroupChannel">
                <Membership
className="org.apache.catalina.tribes.membership.StaticMembershipService">
                        <Member
className="org.apache.catalina.tribes.membership.StaticMember"
                                port="4000"
                                host="host1"
                               
uniqueId="{1,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}"/>
                        <Member
className="org.apache.catalina.tribes.membership.StaticMember"
                                port="4000"
                                host="host2"
                               
uniqueId="{2,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}"/>
                </Membership>
                <Receiver
className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                        address="auto"
                        port="4000"
                        selectorTimeout="100"
                        maxThreads="6"/>
                <Sender
className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
                        <Transport
className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
                </Sender>
        </Channel>
        <ClusterListener
className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>

To address this, I created my own DeltaManager implementation that overrides
handleSESSION_DELTA(), calling handleSESSION_CREATED() in the event the session
cannot be found before calling super.handleSESSION_DELTA().  This seems to
work.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org