https://bz.apache.org/bugzilla/show_bug.cgi?id=69706
Bug ID: 69706
Summary: Session persistence broken when persistAuthentication
is turned on in tomcat 11.0.7
Product: Tomcat 11
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Authentication
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -------
Session serialization fails between restarts of tomcat, when both of these
conditions are met:
- persistAuthentication is turned on in context.xml (by line '<Manager
pathname="SESSIONS.ser" persistAuthentication="true"/>' )
- Active _unauthenticated_ user sessions exist
Following the related stack trace from "catalina.${date}.log":
java.io.NotSerializableException: java.util.OptionalInt
at
java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1200)
at
java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1585)
at
java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1542)
at
java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1451)
at
java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1194)
at
java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:358)
at
org.apache.catalina.session.StandardSession.doWriteObject(StandardSession.java:1275)
at
org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:837)
at
org.apache.catalina.session.StandardManager.unload(StandardManager.java:218)
at
org.apache.catalina.session.StandardManager.stopInternal(StandardManager.java:285)
at
org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:235)
at
org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:4660)
at
org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:235)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:626)
at
org.apache.catalina.startup.HostConfig.undeploy(HostConfig.java:1439)
at
org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1348)
at
org.apache.catalina.startup.HostConfig.check(HostConfig.java:1617)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:263)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:109)
at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:940)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1139)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1143)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1121)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
at
java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:358)
at
java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:59)
at java.base/java.lang.Thread.run(Thread.java:1583)
Note that org.apache.catalina.authenticator.SavedRequest does implement
java.io.Serializable, while its member variable originalMaxInactiveInterval of
type java.util.OptionalInt does _not_.
This has been changed at some point between tomcat version 11.0.1 and 11.0.7.
(Version 11.0.0 did not have this issue.)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
