
Bug 961091

Summary: ClusteredSSO without strict session stickiness is broken
Product: [JBoss] JBoss Enterprise Application Platform 6
Component: Clustering
Version: 6.0.1, 6.1.0
Reporter: dereed
Assignee: dereed
QA Contact: Jitka Kozana <jkudrnac>
Docs Contact: Russell Dickenson <rdickens>
CC: bbaranow, dereed, jkudrnac, lthon, paul.ferraro, rhusar, rjanik
Status: CLOSED WONTFIX
Severity: urgent
Priority: unspecified
Target Milestone: Pending
Target Release: EAP 6.2.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Last Closed: 2014-03-18 17:11:08 UTC

Description dereed 2013-05-08 18:58:41 UTC
Description of problem:
When using ClusteredSSO, if requests to a clustered application are sent to multiple nodes over the life of the session, session replication is broken.
(This can happen due to load balancer bugs, JVM pauses from garbage collection, load balancer redistributing the load, etc).

Version-Release number of selected component (if applicable):
EAP 6.0.1

How reproducible:
Every time.

Steps to Reproduce:
- 2 node cluster on 127.0.0.1:8080 and 127.0.0.1:8180
- Configure ClusteredSSO <sso cache-container="web" cache-name="sso"/>
- Deploy a <distributable/> web app with security that sets a value in the session the first time it's accessed, but does not update it on later requests.
- configure session timeout to 1 minute for easier testing

1. Hit 1st node and login
2. Hit 1st node any number of times (including 0)
3. Hit 2nd node any number of times (at least 1).  Don't let the session time out
4. Hit 1st node again (at least the session timeout after #2)

Actual results:
In #4 the session is lost

Expected results:
In #4 SSO works and session failover works

Additional info:
May be triggered by other use cases as well, this is just one use case that is easily reproduced.
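The four reproduction steps above, written up as a driver script. This is an added example, not code from the report or from EAP. It assumes the test app is deployed at an assumed context path /app/ behind standard servlet FORM authentication (j_security_check with j_username/j_password), and that its protected page echoes a line of the form "session-created=<value>" holding the value the app stores in the session on first access and never updates. A changed value, or the login form coming back, means the original session was lost. The node URLs, credentials and marker format are assumptions; the scripted transport returns constructed responses so the driver can be exercised offline.

```python
"""Driver for the reproduction steps in the bug description (added example).

Assumptions (not from the report): FORM auth at APP_PATH + "j_security_check",
and a protected page that echoes "session-created=<value>", set once per session.
"""
import http.cookiejar
import re
import time
import urllib.parse
import urllib.request

NODE1 = "http://127.0.0.1:8080"
NODE2 = "http://127.0.0.1:8180"
APP_PATH = "/app/"                              # assumed context path of the test app
MARKER = re.compile(r"session-created=(\S+)")   # assumed marker echoed by the app


def http_send(jar=None):
    """Real transport. One cookie jar is shared for both nodes, so JSESSIONID and
    JSESSIONIDSSO travel with the client exactly as they would through a
    non-sticky load balancer in front of the two nodes."""
    jar = jar or http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))

    def send(url, form=None):
        data = urllib.parse.urlencode(form).encode() if form else None
        with opener.open(url, data=data, timeout=10) as resp:
            return resp.read().decode(errors="replace")
    return send


def scripted_send(bodies):
    """Offline transport: hands back the constructed response bodies in order."""
    queue = list(bodies)

    def send(url, form=None):
        return queue.pop(0)
    return send


def marker_of(body):
    """Extract the session marker from a page body, or None if absent (e.g. login form)."""
    m = MARKER.search(body)
    return m.group(1) if m else None


def reproduce(send, node1=NODE1, node2=NODE2, user="user1", password="pass1",
              session_timeout_s=60, hits_node1=0, hits_node2=1, sleep=time.sleep):
    """Drive steps 1-4 from the report. Returns (ok, detail)."""
    # Step 1: hit node 1 and log in. The first GET is challenged with the login
    # form (and a JSESSIONID); the POST to j_security_check authenticates and
    # JBoss redirects back to the protected page, which urllib follows.
    send(node1 + APP_PATH)
    body = send(node1 + APP_PATH + "j_security_check",
                {"j_username": user, "j_password": password})
    original = marker_of(body)
    if original is None:
        return False, "step 1: login did not yield the session marker"
    # Step 2: any number of further hits on node 1 (zero is enough for the report).
    for i in range(hits_node1):
        if marker_of(send(node1 + APP_PATH)) != original:
            return False, f"step 2: session changed on node1 hit {i + 1}"
    # Step 3: at least one hit on node 2, before the session could time out.
    for i in range(hits_node2):
        if marker_of(send(node2 + APP_PATH)) != original:
            return False, f"step 3: session not found on node2 hit {i + 1} (failover broken)"
    # Step 4: wait longer than the session timeout since node 1 last saw the
    # session, then go back to node 1. The report's actual result is a lost session.
    sleep(session_timeout_s + 5)
    final = marker_of(send(node1 + APP_PATH))
    if final != original:
        return False, f"step 4: session lost on node1 (marker {final!r} != {original!r})"
    return True, "SSO and session failover survived the node switch"


if __name__ == "__main__":
    # Offline demo with constructed responses matching the report's actual result:
    # node 1 answers with the login form again after the timeout.
    demo = scripted_send(["<form action='j_security_check'>",   # step 1 challenge
                          "session-created=1368039521",         # step 1 after login
                          "session-created=1368039521",         # step 3 on node 2
                          "<form action='j_security_check'>"])  # step 4 on node 1
    print(reproduce(demo, sleep=lambda s: None))
    # Against a real cluster: reproduce(http_send(), session_timeout_s=60)
```

Point `reproduce(http_send())` at two nodes configured as in the steps (session timeout of one minute) to run the real check; with the defaults it makes exactly the four requests the report lists and waits 65 seconds before the final hit on node 1.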

Comment 1 dereed 2013-05-08 19:01:10 UTC
Still debugging, but it appears to be related to a buggy implementation of the "emptySSOs" map on nodes other than where the session is currently accessed.

Comment 2 baranowb 2013-06-03 12:22:18 UTC
As per comment above, this issue should not be in Status 'NEW'

Comment 3 Richard Janík 2013-06-25 10:40:07 UTC
This bug was reproduced in 6.1.0 as well. Setting affected versions accordingly.

Comment 6 Paul Ferraro 2013-09-18 12:31:06 UTC
@dereed Dennis, can you fill me in on your status with this?

Comment 10 dereed 2013-09-24 22:05:36 UTC
Further testing shows that the Infinispan behavior appears to be different in later versions, so this patch may no longer be necessary.
(It is definitely a bug in EAP 6.0.1, but may not affect later versions)

Put this BZ/PR on hold while I conduct further testing.

Comment 16 Radoslav Husar 2013-12-16 15:11:07 UTC
Fixing status and flags.

Comment 18 dereed 2014-03-18 17:11:08 UTC
Closing, as unrelated changes appear to have already fixed this in later EAP versions.

Comment 19 Radoslav Husar 2014-06-09 12:18:56 UTC
Clearing flags.