Eric Shu created GEODE-8217:
-------------------------------

             Summary: Geode session replication could leak internal serialized 
bytes during HttpSessionAttributeListener invocation even when 
preferDeserializedForm is set to true
                 Key: GEODE-8217
                 URL: https://issues.apache.org/jira/browse/GEODE-8217
             Project: Geode
          Issue Type: Bug
          Components: http session
            Reporter: Eric Shu


When preferDeserializedForm is set to true (default value), the session object 
should not contain serialized bytes in the cache. However, the following 
exception shows that the product leaks the serialized bytes.
{noformat}
Jun 02, 2020 3:31:58 PM org.apache.catalina.session.StandardSession setAttribute
SEVERE: Session attribute event listener threw exception
java.lang.ClassCastException: [B cannot be cast to java.lang.String
        at org.apache.geode.modules.session.AccessAttributeValueListener.attributeReplaced(AccessAttributeValueListener.java:34)
        at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1482)
        at org.apache.geode.modules.session.catalina.DeltaSession.setAttribute(DeltaSession.java:262)
        at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1385)
        at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:137)
        at org.apache.geode.modules.session.catalina.DeltaSessionFacade.setAttribute(DeltaSessionFacade.java:49)
        at org.apache.geode.modules.session.CommandServlet.doGet(CommandServlet.java:64)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.geode.modules.session.catalina.CommitSessionValve.invoke(CommitSessionValve.java:47)
        at org.apache.geode.modules.session.catalina.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:45)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
{noformat}

Please note that if preferDeserializedForm is set to false, this issue could still 
exist, unless HttpSessionBindingEvent.getValue() is not being accessed by the 
application. Otherwise, the user should set preferDeserializedForm to true to avoid 
this issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
