Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP session is not managed properly #9

Open
snicoll opened this issue Jul 13, 2012 · 2 comments
Open

HTTP session is not managed properly #9

snicoll opened this issue Jul 13, 2012 · 2 comments
Labels
bug

Comments

@snicoll
Copy link
Member

snicoll commented Jul 13, 2012

the tomcat embed API for some reason does not manage the HTTP session properly. If one starts two vaadin applications they timeout each other.

To reproduce:

  • Start embed for vaadin and invoke some action on the screen
  • Start a second copy and invoke some action (the same or another one, it does not matter)
  • Go back to the first vaadin application, invoke an action

Expected: it simply works
Actual: a "Session expired" message is displayed. When it gets resolved, switching back to the second application leads to a session expired as well

Tracing that, the HTTP session is null in AbstractApplicationServlet#getExistingApplication
@coekie
Copy link
Contributor

coekie commented Jul 13, 2012

What do you mean exactly with "start a second copy"? Open the same URL in a different browser/tab?

Keep in mind that, just given its API alone, EmbedVaadin.forComponent(Component) can only run one application instance; the one that contains the component you gave it. You cannot "start a second copy" from that (unless you clone that component e.g. using serialization). So if you open it in a second page, it's not a different application, it's the same one. It must therefore break the first page where you opened it, because that page either lost its application or at least is out of sync with it. (Maybe Vaadin deliberately closes the http session of the first page because it can't work properly anymore anyways.)

Or did you start it with EmbedVaadin.forApplication(Class<? extends Application>); which can support multiple instances (because it's the class, of which it will create different instances)? Or did I completely misunderstand what you meant?

@snicoll
Copy link
Member Author

snicoll commented Jul 13, 2012

A second instance of the same application. And no, I am not talking about embedding a component but a regular application.

Actually, it's worse. Say you start a vaadin-based application (any application!) with a regular tomcat (through the cargo plugin for instance) and then you start another (or the same) vaadin-based application with Embed for Vaadin, you'll get the same issue.

So it's all about how the embedded tomcat is configured and how it invalidates the HTTP session. Something must be wrong there to invalidate a session that is unrelated.

It's easy to reproduce. Take any project and start it twice (two VMs) and you'll be able to reproduce

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coekie @snicoll