1441808 – [GSS](6.4.z) Clustered session unexpectedly expired by sso after cluster member is stopped

Bug 1441808 - [GSS](6.4.z) Clustered session unexpectedly expired by sso after cluster member is stopped

Summary: [GSS](6.4.z) Clustered session unexpectedly expired by sso after cluster memb...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Web
Sub Component:
Version:	6.4.14
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	CR1
Target Release:	EAP 6.4.16
Assignee:	Jiri Ondrusek
QA Contact:	Radim Hatlapatka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	eap6416-payload 1455259 1523870
TreeView+	depends on / blocked

Reported:	2017-04-12 18:38 UTC by Aaron Ogburn
Modified:	2017-12-22 18:39 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-06-22 09:19:19 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
bz1441808reproducer.zip (25.85 KB, application/octet-stream) 2017-04-12 18:41 UTC, Aaron Ogburn	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	3000691	0	None	None	None	2017-04-12 18:53:14 UTC

Description Aaron Ogburn 2017-04-12 18:38:43 UTC

Description of problem:

When a single cluster member is stopped, sessions in its manager are clearedand other cluster members are notified that the sso entry for those sessions is now empty, so these members move that entry to their emptySSOs:

11-04-2017 05:02:02,316 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (OOB-17,shared=tcp) received a session modified message for SSO p0vsaBCR6yVjvIOwEKHfzWRR
11-04-2017 05:02:02,316 TRACE [org.jboss.as.web.sso] (OOB-17,shared=tcp) Notified that SSO p0vsaBCR6yVjvIOwEKHfzWRR is empty

Despite continued activity for that session/sso on the remaining cluster members, the sso and its sessions are expired after the maxEmptyLife passes from when that cluster member was shutdown:

11-04-2017 06:46:12,376 TRACE [org.jboss.as.web.sso] (ajp-/0.0.0.0:11409-382) Associate sso id p0vsaBCR6yVjvIOwEKHfzWRR with session SessionBasedClusteredSession[id: ylja2xlbE9XnFsbP8OsLTH-k lastAccessedTime: 1491885960368 version: 8181 lastOutdated: 0]
11-04-2017 06:46:21,488 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Invalidating expired SSO p0vsaBCR6yVjvIOwEKHfzWRR
11-04-2017 06:46:21,488 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Deregistering sso id 'p0vsaBCR6yVjvIOwEKHfzWRR'
11-04-2017 06:46:21,496 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Registering logout of SSO p0vsaBCR6yVjvIOwEKHfzWRR in clustered cache
11-04-2017 06:46:21,498 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) cacheEntryRemoved ssoId = p0vsaBCR6yVjvIOwEKHfzWRR
11-04-2017 06:46:21,498 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Notified that SSO p0vsaBCR6yVjvIOwEKHfzWRR is empty
11-04-2017 06:46:21,498 TRACE [org.jboss.as.clustering.web.sso.infinispan.SSOClusterManager] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Registering logout of SSO p0vsaBCR6yVjvIOwEKHfzWRR in clustered cache
11-04-2017 06:46:21,488 TRACE [org.jboss.as.web.sso] (ContainerBackgroundProcessor[StandardEngine[jboss.web]])  Invalidating session SessionBasedClusteredSession[id: ylja2xlbE9XnFsbP8OsLTH-k lastAccessedTime: 1491885960368 version: 8182 lastOutdated: 0]


Version-Release number of selected component (if applicable):


How reproducible:

Always


Steps to Reproduce:
1. Launch two nodes with the attached configuration and the SimpleWar.war deployed.  It helps reproduce more quickly with a shorter maxEmptyLife/processExpiresInterval:

./standalone.sh -c standalone-sso.xml -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.maxEmptyLife=60 -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.processExpiresInterval=1 -Djboss.node.name=node1

./standalone.sh -c standalone-sso.xml -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.maxEmptyLife=60 -Dorg.jboss.as.web.sso.ClusteredSingleSignOn.processExpiresInterval=1 -Djboss.socket.binding.port-offset=100 -Djboss.node.name=node2

2. Access localhost:8080/SimpleWar/secure/hi.jsp and login (admin/redhat1!).  Note the sessionid/sso generated.
3. Stop node1 then access localhost:8180/SimpleWar/secure/hi.jsp
4. Wait one minute for maxEmptyLife to pass.  
5. In a new browser session, access localhost:8180/SimpleWar/secure/hi.jsp and login then access localhost:8180/SimpleWar/secure/invalidate.jsp in this same session
6. Note that the sessionid/sso from step 2 are expired

Actual results:

Clustered SSO entry becomes an "emptySSO" after a cluster member stops.  This leads to unexpected SSO/session expiration after maxEmptyLife passes.


Expected results:


Clustered SSO entry does not become an "emptySSO" after a cluster member stops and/or continued activity on other cluster members removes it from emptySSO.


Additional info:

To address this, perhaps ClusteredSingleSignOn.sessionEvent should not broadcast that the SSO is empty when the session is expired because the manager is stopping.

And/Or perhaps ClusteredSingleSignOn.associate should ensure the sso is removed from emptySSOs.

Comment 1 Aaron Ogburn 2017-04-12 18:41:16 UTC

Created attachment 1271239 [details]
bz1441808reproducer.zip

Comment 4 Michael Cada 2017-06-09 08:07:47 UTC

Verified with EAP 6.4.16.CP.CR1

Comment 5 Petr Penicka 2017-06-22 09:19:19 UTC

Released on June 20 2017 as part of the EAP 6.4.16 maintenance release.

Note You need to log in before you can comment on or make changes to this bug.