Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1441808

Summary: [GSS](6.4.z) Clustered session unexpectedly expired by sso after cluster member is stopped
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Aaron Ogburn <aogburn>
Component: WebAssignee: Jiri Ondrusek <jondruse>
Status: CLOSED CURRENTRELEASE QA Contact: Radim Hatlapatka <rhatlapa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4.14CC: bmaxwell, jbaesner, jbilek, jondruse, mcada, rmaucher, rstancel
Target Milestone: CR1   
Target Release: EAP 6.4.16   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-22 09:19:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1434495, 1455259, 1523870    
Attachments:
Description Flags
bz1441808reproducer.zip none

Description Aaron Ogburn 2017-04-12 18:38:43 UTC 
Description of problem:

When a single cluster member is stopped, sessions in its manager are clearedand other cluster members are notified that the sso entry for those sessions is now empty, so these members move that entry to their emptySSOs:

11-04-2017 05:02:02,316 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (OOB-17,shared=tcp) received a session modified message for SSO p0vsaBCR6yVjvIOwEKHfzWRR
11-04-2017 05:02:02,316 TRACE [org.jboss.as.web.sso] (OOB-17,shared=tcp) Notified that SSO p0vsaBCR6yVjvIOwEKHfzWRR is empty

Despite continued activity for that session/sso on the remaining cluster members, the sso and its sessions are expired after the maxEmptyLife passes from when that cluster member was shutdown:

11-04-2017 06:46:12,376 TRACE [org.jboss.as.web.sso] (ajp-/0.0.0.0:11409-382) Associate sso id p0vsaBCR6yVjvIOwEKHfzWRR with session SessionBasedClusteredSession[id: ylja2xlbE9XnFsbP8OsLTH-k lastAccessedTime: 1491885960368 version: 8181 lastOutdated: 0]
11-04-2017 06:46:21,488 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Invalidating expired SSO p0vsaBCR6yVjvIOwEKHfzWRR
11-04-2017 06:46:21,488 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Deregistering sso id 'p0vsaBCR6yVjvIOwEKHfzWRR'
11-04-2017 06:46:21,496 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Registering logout of SSO p0vsaBCR6yVjvIOwEKHfzWRR in clustered cache
11-04-2017 06:46:21,498 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) cacheEntryRemoved ssoId = p0vsaBCR6yVjvIOwEKHfzWRR
11-04-2017 06:46:21,498 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Notified that SSO p0vsaBCR6yVjvIOwEKHfzWRR is empty
11-04-2017 06:46:21,498 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Registering logout of SSO p0vsaBCR6yVjvIOwEKHfzWRR in clustered cache
11-04-2017 06:46:21,488 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]])  Invalidating session SessionBasedClusteredSession[id: ylja2xlbE9XnFsbP8OsLTH-k lastAccessedTime: 1491885960368 version: 8182 lastOutdated: 0]


Version-Release number of selected component (if applicable):


How reproducible:

Always


Steps to Reproduce:
1. Launch two nodes with the attached configuration and the SimpleWar.war deployed.  It helps reproduce more quickly with a shorter maxEmptyLife/processExpiresInterval:

./standalone.sh -c standalone-sso.xml -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.maxEmptyLife=60 -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.processExpiresInterval=1 -Djboss.node.name=node1

./standalone.sh -c standalone-sso.xml -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.maxEmptyLife=60 -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.processExpiresInterval=1 -Djboss.socket.binding.port-offset=100 -Djboss.node.name=node2

2. Access localhost:8080/SimpleWar/secure/hi.jsp and login (admin/redhat1!).  Note the sessionid/sso generated.
3. Stop node1 then access localhost:8180/SimpleWar/secure/hi.jsp
4. Wait one minute for maxEmptyLife to pass.  
5. In a new browser session, access localhost:8180/SimpleWar/secure/hi.jsp and login then access localhost:8180/SimpleWar/secure/invalidate.jsp in this same session
6. Note that the sessionid/sso from step 2 are expired

Actual results:

Clustered SSO entry becomes an "emptySSO" after a cluster member stops.  This leads to unexpected SSO/session expiration after maxEmptyLife passes.


Expected results:


Clustered SSO entry does not become an "emptySSO" after a cluster member stops and/or continued activity on other cluster members removes it from emptySSO.


Additional info:

To address this, perhaps ClusteredSingleSignOn.sessionEvent should not broadcast that the SSO is empty when the session is expired because the manager is stopping.

And/Or perhaps ClusteredSingleSignOn.associate should ensure the sso is removed from emptySSOs.
Comment 1 Aaron Ogburn 2017-04-12 18:41:16 UTC 
Created attachment 1271239 [details]
bz1441808reproducer.zip
Comment 4 Michael Cada 2017-06-09 08:07:47 UTC 
Verified with EAP 6.4.16.CP.CR1
Comment 5 Petr Penicka 2017-06-22 09:19:19 UTC 
Released on June 20 2017 as part of the EAP 6.4.16 maintenance release.