[ 
https://issues.apache.org/jira/browse/GEODE-8217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17129504#comment-17129504
 ] 

ASF GitHub Bot commented on GEODE-8217:
---------------------------------------

pivotal-eshu opened a new pull request #5225:
URL: https://github.com/apache/geode/pull/5225


     If preferDeserializedForm is set to true, attribute values will be
     in deserialized form.
   




> Geode session replication could leak internal serialized bytes during 
> HttpSessionAttributeListener invocation even when preferDeserializedForm is 
> set to true
> -------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GEODE-8217
>                 URL: https://issues.apache.org/jira/browse/GEODE-8217
>             Project: Geode
>          Issue Type: Bug
>          Components: http session
>            Reporter: Eric Shu
>            Assignee: Eric Shu
>            Priority: Major
>              Labels: caching-applications
>
> When preferDeserializedForm is set to true (default value), the session object 
> should not contain serialized bytes in the cache. However, the following 
> exception shows that the product leaks the serialized bytes.
> {noformat}
> Jun 02, 2020 3:31:58 PM org.apache.catalina.session.StandardSession setAttribute
> SEVERE: Session attribute event listener threw exception
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
>         at org.apache.geode.modules.session.AccessAttributeValueListener.attributeReplaced(AccessAttributeValueListener.java:34)
>         at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1482)
>         at org.apache.geode.modules.session.catalina.DeltaSession.setAttribute(DeltaSession.java:262)
>         at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1385)
>         at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:137)
>         at org.apache.geode.modules.session.catalina.DeltaSessionFacade.setAttribute(DeltaSessionFacade.java:49)
>         at org.apache.geode.modules.session.CommandServlet.doGet(CommandServlet.java:64)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>         at org.apache.geode.modules.session.catalina.CommitSessionValve.invoke(CommitSessionValve.java:47)
>         at org.apache.geode.modules.session.catalina.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:45)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
>         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
>         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         at java.lang.Thread.run(Thread.java:748)
> {noformat}
> Please note that if preferDeserializedForm is set to false, this issue could still 
> exist, unless HttpSessionBindingEvent.getValue() is not being accessed by the 
> application. Otherwise, the user should set preferDeserializedForm to true to 
> avoid this issue.
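
The `ClassCastException` in the report comes from a listener that casts `HttpSessionBindingEvent.getValue()` straight to `String`. The following is an added example, not code from the Geode project or from the reporter: a hypothetical application listener named `TypeCheckedAttributeListener` that checks the runtime type first and records a leaked `byte[]` without casting it or logging its contents. It assumes the application stores only `String` session attributes, so any `byte[]` seen here is unexpected.

```java
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;

// Hypothetical application listener (added example, not Geode code).
// Assumption: this application only ever stores String session attributes.
@WebListener
public class TypeCheckedAttributeListener implements HttpSessionAttributeListener {

  private static final Logger LOG =
      Logger.getLogger(TypeCheckedAttributeListener.class.getName());

  @Override
  public void attributeAdded(HttpSessionBindingEvent event) {
    inspect("added", event);
  }

  @Override
  public void attributeRemoved(HttpSessionBindingEvent event) {
    inspect("removed", event);
  }

  @Override
  public void attributeReplaced(HttpSessionBindingEvent event) {
    // For a replace event, getValue() returns the OLD value, which is the
    // value that arrived as byte[] in the stack trace above.
    inspect("replaced", event);
  }

  private void inspect(String kind, HttpSessionBindingEvent event) {
    Object value = event.getValue();
    if (value instanceof byte[]) {
      // Serialized form reached the listener: record name and size only,
      // never the bytes themselves, and do not attempt a cast.
      LOG.warning("Session attribute '" + event.getName() + "' (" + kind
          + ") delivered as byte[] of length " + ((byte[]) value).length);
      return;
    }
    if (value instanceof String) {
      String text = (String) value; // safe: type was checked above
      LOG.fine("Session attribute '" + event.getName() + "' (" + kind
          + ") has " + text.length() + " characters");
    }
  }
}
```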


