Bug 1316949 - Active-sessions can exceed property MAX_ACTIVE_SESSIONS
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Severity: medium
Assigned To: Enrique Gonzalez Martinez
Radim Hatlapatka
Reported: 2016-03-11 09:02 EST by Michael Cada
Modified: 2016-03-21 03:07 EDT
Doc Type: Bug Fix
Last Closed: 2016-03-21 03:07:31 EDT
Type: Bug

Attachments
Simple web app for session counting (2.66 KB, application/zip)
2016-03-11 09:02 EST, Michael Cada
Simple web app for session counting (2.78 KB, application/zip)
2016-03-11 09:36 EST, Michael Cada
patch 7.5.x (998 bytes, patch)
2016-03-15 04:57 EDT, Enrique Gonzalez Martinez
Description Michael Cada 2016-03-11 09:02:26 EST
Created attachment 1135254
Simple web app for session counting

Description of problem:

If you start EAP with org.apache.catalina.session.StandardManager.MAX_ACTIVE_SESSIONS set and then create sessions in parallel, you can exceed this limit.

How reproducible: 90%

Steps to Reproduce:
1. Start EAP with:
      ./standalone.sh -Dorg.apache.catalina.session.StandardManager.MAX_ACTIVE_SESSIONS=3
2. Deploy the attached application something.war
3. Connect to jboss-cli and check web resource status for something.war:
4. Open more sessions than MAX_ACTIVE_SESSIONS (I tried it with 16) in parallel on URL:
5. Check web resource status again

Actual results:
There can be more active-sessions than you set with property MAX_ACTIVE_SESSIONS

Expected results:
All sessions over MAX_ACTIVE_SESSIONS limit are rejected
Comment 1 Michael Cada 2016-03-11 09:36 EST
Created attachment 1135260
Simple web app for session counting
Comment 2 Enrique Gonzalez Martinez 2016-03-15 04:33:05 EDT
It is a race condition in the StandardManager class.

When the session is created, the manager tries to calculate the number of active sessions


and after that it creates the session, adding it to the session map.

This is the cause of the race condition. This makes it possible to create more sessions than the property MAX_ACTIVE_SESSIONS
Comment 3 Enrique Gonzalez Martinez 2016-03-15 04:57 EDT
Created attachment 1136458
patch 7.5.x

Guarding the concurrent block to avoid the race condition.
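
The check-then-act race described in comments 2 and 3, as an added example that is not the JBoss Web source or the attached patch. The class `SessionLimitRace`, its session map and both `create...` methods are hypothetical stand-ins; the limit of 3 and the 16 parallel requests come from the report.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;

// Added illustration: a simplified stand-in, not the StandardManager source.
public class SessionLimitRace {
    static final int MAX_ACTIVE_SESSIONS = 3;  // limit used in the reproduction steps
    static final int PARALLEL_REQUESTS = 16;   // parallel sessions tried in the report
    final Map<String, Object> sessions = new ConcurrentHashMap<>();

    // Check-then-act: several threads can pass the count check before any of them inserts.
    boolean createUnguarded(String id) {
        if (sessions.size() >= MAX_ACTIVE_SESSIONS) return false;  // rejected
        Thread.yield();  // widens the race window, for the demo only
        sessions.put(id, new Object());
        return true;
    }

    // Count check and insert run under one lock, so the limit holds.
    synchronized boolean createGuarded(String id) {
        if (sessions.size() >= MAX_ACTIVE_SESSIONS) return false;
        sessions.put(id, new Object());
        return true;
    }

    // Fires PARALLEL_REQUESTS creations together and returns the resulting session count.
    static int run(boolean guarded) throws InterruptedException {
        SessionLimitRace manager = new SessionLimitRace();
        CountDownLatch start = new CountDownLatch(1);
        Thread[] workers = new Thread[PARALLEL_REQUESTS];
        for (int i = 0; i < workers.length; i++) {
            String id = "session-" + i;  // constructed sample ids
            workers[i] = new Thread(() -> {
                try {
                    start.await();  // wait for the common start signal
                } catch (InterruptedException e) { return; }
                if (guarded) manager.createGuarded(id); else manager.createUnguarded(id);
            });
            workers[i].start();
        }
        start.countDown();
        for (Thread w : workers) w.join();
        return manager.sessions.size();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unguarded active sessions: " + run(false));
        System.out.println("guarded active sessions:   " + run(true));
    }
}
```

The unguarded run can finish with more than 3 sessions because the map being thread-safe does not make the size check and the insert one atomic step; the guarded run never exceeds the limit.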
