voyent
Logout and Session Expired Problem  XML
Forum Index -> General Help
Author Message
schroederw

Joined: 19/Nov/2007 00:00:00
Messages: 12
Offline


Hi all,

it seems a lot of people still have reoccuring problems with session related exceptions when logging out using session.invalidate().

As far as I understand, icefaces is wrapping the httpsession. That's why it's mandatory to use this wrapped session for invalidation. Using invalidate() with a non-jsf-environent jsp will not working, because this is the unwrapped session and may/will lead to a "session already expired" exception (exceptions may vary depending on used jsp-container) on timed serverside updates.

Unfortunately even when using a jsf-action for logout (plus redirect to a logout-page), I'll get an exception like this:

java.lang.IllegalStateException: Session was invalidated
at com.evermind.server.http.EvermindHttpSession.getId(EvermindHttpSession.java:466)
at com.icesoft.faces.webapp.http.servlet.SessionDispatcher.notifySessionShutdown(SessionDispatcher.java:127)
at com.icesoft.faces.webapp.http.servlet.SessionDispatcher.access$300(SessionDispatcher.java:18)
at com.icesoft.faces.webapp.http.servlet.SessionDispatcher$Monitor.shutdown(SessionDispatcher.java:196)
at com.icesoft.faces.webapp.http.servlet.InterceptingServletSession.invalidate(InterceptingServletSession.java:18)

This happens when calling
((HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(false)).invalidate();

Looking into the source of SessionDispatcher, I found in

122 try {
123 session.invalidate();
124 } catch (IllegalStateException e) {
125 Log.info("Session already invalidated.");
126 } finally {
127 SessionIDs.remove(session.getId());
128 }

I think line 127 causes another exception because, the session was invalidated in line 123 and some jsp-containers (at least oc4j) throws an exception when trying to get the invalidated session-id with session.getId(). Is this a potential bug?

Another session-related question: Why are you wrapping the session in this relatively proprietary way? Wouldn't a standard session-listener be a better way to clean up the session and get rid of any timed update threads?
ken.fyten

Joined: 26/Oct/2004 00:00:00
Messages: 1337
Offline


Looking into the source of SessionDispatcher, I found in

122 try {
123 session.invalidate();
124 } catch (IllegalStateException e) {
125 Log.info("Session already invalidated.");
126 } finally {
127 SessionIDs.remove(session.getId());
128 }

I think line 127 causes another exception because, the session was invalidated in line 123 and some jsp-containers (at least oc4j) throws an exception when trying to get the invalidated session-id with session.getId(). Is this a potential bug?  


Yes, indeed this appears to be a potential problem. I've created a new JIRA for it: http://jira.icefaces.org/browse/ICE-3095

Thanks for the heads-up!

Regards,
Ken

Ken Fyten
VP Product Development
ICEsoft Technologies, Inc.
mircea.toma

Joined: 10/Feb/2005 00:00:00
Messages: 323
Offline



Another session-related question: Why are you wrapping the session in this relatively proprietary way? Wouldn't a standard session-listener be a better way to clean up the session and get rid of any timed update threads? 


The framework has to communicate with the browser right before the session is expired. By the time the session-listener is invoked that would not be possible anymore.
Also, ICEfaces has to keep track of the session validity since it has to ignore certain requests (such as heartbeat pings) so it cannot rely on session-listener mechanism.
One more reason would that there's no guaranteed order of invocation for registered listeners. Normally you would want to have the framework listeners invoked before the application listeners.
[Email]
vielinko

Joined: 20/Mar/2007 00:00:00
Messages: 34
Offline


Hey There!


talking about session expired or session invalidate ... I already can do this on my IceFaces Project, but I need to know how to handle the post-exception after the session invalidating/expired ... i.e.:

i got this error after invalidate my session:

Code:
 07-18@20:26:54 ERROR (D2DFaceletViewHandler.java:292)     - Problem in renderResponse: /jspx/login.jspx @28,61 test="#{client.showSecurityCode}" Session has been expired.
 com.sun.facelets.tag.TagAttributeException: /jspx/login.jspx @28,61 test="#{client.showSecurityCode}" Session has been expired.
         at com.sun.facelets.tag.TagAttribute.getObject(TagAttribute.java:235)
         at com.sun.facelets.tag.TagAttribute.getBoolean(TagAttribute.java:79)
         at com.sun.facelets.tag.jstl.core.IfHandler.apply(IfHandler.java:49)
         at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47)
         at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314)
         at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169)
         at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47)
         at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314)
         at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169)
         at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47)
         at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314)
         at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169)
         at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314)
         at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169)
         at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314)
         at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169)
         at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314)
         at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169)
         at com.sun.facelets.tag.jsf.core.ViewHandler.apply(ViewHandler.java:109)
         at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49)
 :
 :
 :
 and so on ...
 
 



Always when my session expires or I invalidated (with a logout button) I'll get an Exception like this, with tons of lines ... my Tomcat (or my FS on linux) will be fill up because this tons of Exception's lines ...

Can someone advice me how to handle this kind of exception? ... I need to cotrol it and handle it to another way ...


rgds,

VieL.
theyn

Joined: 20/Jan/2008 00:00:00
Messages: 6
Offline


@vielinko

Were you able you handle the exception? Did you found an advice?
vielinko

Joined: 20/Mar/2007 00:00:00
Messages: 34
Offline


theyn wrote:
@vielinko

Were you able you handle the exception? Did you found an advice? 


Hello :) ...

Well, I tried a few possible solutions ...

I guess This isn't the best solutions, but works for me.

I implement a HttpSessionListener, and handle all my beans references from here.

I hope you fond useful this "tip" :P ...


rgds,
VieL
 
Forum Index -> General Help
Go to:   
Powered by JForum 2.1.7ice © JForum Team