spontaneous session creation

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

spontaneous session creation

cpanon
Hello
With trepidation I ask if it is possible for dwr to "spontaneously" be generating a session.  I have a deployment with 2.0.11 have it configured for rAjax but no other
js libraries configured for rAjax.  A session listener is capturing the creation of the session and immediately failure of dwr. It this behavior an artifact of rAjax w/2.0.11?

Reply | Threaded
Open this post in threaded view
|

Re: spontaneous session creation

david@butterdev.com
If you are referring to an HttpSession, DWR should not normally create
sessions.  The caveat is if you have creators that are declared with a
session scope.

On 2015-11-12 13:10, Yahoo! Support Inc© wrote:
> Hello
> With trepidation I ask if it is possible for dwr to "spontaneously" be
> generating a session. I have a deployment with 2.0.11 have it
> configured for rAjax but no other
>
> js libraries configured for rAjax. A session listener is capturing the
> creation of the session and immediately failure of dwr. It this
> behavior an artifact of rAjax w/2.0.11?
Reply | Threaded
Open this post in threaded view
|

Re: spontaneous session creation

Mike Wilson
Administrator
In reply to this post by cpanon
Normally you could easily check who/what is creating the session by setting a breakpoint in your session listener and looking up along the call stack who is calling request.getSession().
 
Best regards
Mike Wilson
 
cpanon wrote:
Hello
With trepidation I ask if it is possible for dwr to "spontaneously" be generating a session.  I have a deployment with 2.0.11 have it configured for rAjax but no other
js libraries configured for rAjax.  A session listener is capturing the creation of the session and immediately failure of dwr. It this behavior an artifact of rAjax w/2.0.11?

Reply | Threaded
Open this post in threaded view
|

Re: spontaneous session creation

cpanon
In reply to this post by cpanon
Sorry for not being clear.  The session is extant and valid, a new session is spontaneously created and in production I cannot determine the source and am assuming it is dwr.  When that new session is created the very next trace from the client is a dwr illegal constructor error.  That is trapped on the page and forces a re-submit and the application recovers, transparently to the user.  Is this an artifact of a creator on session scope?  I am in a catch-22 by not able to determine exactly what is causing the new session creation but all reasonableness indicates dwr.  If it is dwr b/c of the session scope of the creator is it possible to stop engine.js from creating a spontaneous session?  If the creator is put in application scope will multiple clients that store data and call methods on that creator, be kept separate?  I suspect not, therefore am I stuck with a session creation problem of no resolution?



On Saturday, November 14, 2015 11:20 AM, David Marginian <[hidden email]> wrote:


I don't completely understand what you are saying.  However, please direct all future responses to the mailing list.

When you choose to use session scope, if a session is not available then a session will be created.  We don't create the session, your container is creating the session because one does not exist (we are calling request.getSession).  I would ask you what do you expect if you are using session scope?  The bean should not be created in the session scope until first requested/used.  So at that time your application has not created a session yet. 


On 11/14/2015 08:53 AM, Yahoo! Support Inc© wrote:
It is not that HTTPSession is not available the application log shows many times the normal functioning of a session and then within 10s or 100s or 1000s of ms later there is a new session created as shown by the listener, the next log trace is dwr failing with illegal constructor.  I have configured a exception on the page to force a submit if dwr call fails.  Immediately after the illegal constructor log traces I see the submit. The application recovers b/c if there is not db handle in the session, which there is not on the re-submit, it creates a db handle and finds the open object repopulates the last known state and sends back tot he client.  I would like to stop the spontaneous session creation, if it is dwr, and why I cannot duplicate this is test.  I could provide an abbreviated log trace if helpful but it would be the detail of the description above.



On Friday, November 13, 2015 2:10 PM, [hidden email] [hidden email] wrote:


In your scenario each user should have a separate copy of the bean
exposed via the DWR creator.  If you are using the session scope and a
HttpSession is not available DWR will create one, that should be
obvious.  If you don't want this behavior, don't use session scope.

I still don't quite understand the issue as you haven't been very
descriptive.  So I can't answer your question regarding Spring.

On 2015-11-13 08:01, Yahoo! Support Inc© wrote:
> Hi David
> Thank you, yes the caveat is it. I have a Struts creator(yes I know
> move on now, next), in session scope. If I define it for application
> and two or more clients connect, will the data for each be separate or
> indeterminate? If indeterminate which is lethal, then can I stop the
> stop the spontaneous creation of the session? I assume this is not an
> issue deployed in Spring?
>
>  On Thursday, November 12, 2015 4:38 PM, "[hidden email][hidden email]"
> <[hidden email]> wrote:
>
>> If you are referring to an HttpSession, DWR should not normally
>> create
>> sessions. The caveat is if you have creators that are declared with
>> a
>> session scope.
>>
>> On 2015-11-12 13:10, Yahoo! Support Inc© wrote:
>>> Hello
>>> With trepidation I ask if it is possible for dwr to
>> "spontaneously" be
>>> generating a session. I have a deployment with 2.0.11 have it
>>> configured for rAjax but no other
>>>
>>> js libraries configured for rAjax. A session listener is capturing
>> the
>>> creation of the session and immediately failure of dwr. It this
>>> behavior an artifact of rAjax w/2.0.11?





Reply | Threaded
Open this post in threaded view
|

Re: spontaneous session creation

david@butterdev.com
As I have previously said DWR does not create sessions directly, your container does:

http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getSession%28%29

If we call getSession and there is not a session your container will create one if the bean you are attempting to use is defined with a session scope.  So, if as you say the session is valid then DWR is not the culprit.

I also don't understand why you are only seeing this problem in production and are unable to troubleshoot it.

With an application scoped bean all users would share the same bean instance.  I would argue that storing user specific state in the bean is not generally a good practice anyway so if that is your concern I suggest analyzing what it is you are trying to accomplish and if you are going about it the best way.


On 11/14/2015 10:46 AM, Yahoo! Support Inc© wrote:
Sorry for not being clear.  The session is extant and valid, a new session is spontaneously created and in production I cannot determine the source and am assuming it is dwr.  When that new session is created the very next trace from the client is a dwr illegal constructor error.  That is trapped on the page and forces a re-submit and the application recovers, transparently to the user.  Is this an artifact of a creator on session scope?  I am in a catch-22 by not able to determine exactly what is causing the new session creation but all reasonableness indicates dwr.  If it is dwr b/c of the session scope of the creator is it possible to stop engine.js from creating a spontaneous session?  If the creator is put in application scope will multiple clients that store data and call methods on that creator, be kept separate?  I suspect not, therefore am I stuck with a session creation problem of no resolution?



On Saturday, November 14, 2015 11:20 AM, David Marginian [hidden email] wrote:


I don't completely understand what you are saying.  However, please direct all future responses to the mailing list.

When you choose to use session scope, if a session is not available then a session will be created.  We don't create the session, your container is creating the session because one does not exist (we are calling request.getSession).  I would ask you what do you expect if you are using session scope?  The bean should not be created in the session scope until first requested/used.  So at that time your application has not created a session yet. 


On 11/14/2015 08:53 AM, Yahoo! Support Inc© wrote:
It is not that HTTPSession is not available the application log shows many times the normal functioning of a session and then within 10s or 100s or 1000s of ms later there is a new session created as shown by the listener, the next log trace is dwr failing with illegal constructor.  I have configured a exception on the page to force a submit if dwr call fails.  Immediately after the illegal constructor log traces I see the submit. The application recovers b/c if there is not db handle in the session, which there is not on the re-submit, it creates a db handle and finds the open object repopulates the last known state and sends back tot he client.  I would like to stop the spontaneous session creation, if it is dwr, and why I cannot duplicate this is test.  I could provide an abbreviated log trace if helpful but it would be the detail of the description above.



On Friday, November 13, 2015 2:10 PM, [hidden email] [hidden email] wrote:


In your scenario each user should have a separate copy of the bean
exposed via the DWR creator.  If you are using the session scope and a
HttpSession is not available DWR will create one, that should be
obvious.  If you don't want this behavior, don't use session scope.

I still don't quite understand the issue as you haven't been very
descriptive.  So I can't answer your question regarding Spring.

On 2015-11-13 08:01, Yahoo! Support Inc© wrote:
> Hi David
> Thank you, yes the caveat is it. I have a Struts creator(yes I know
> move on now, next), in session scope. If I define it for application
> and two or more clients connect, will the data for each be separate or
> indeterminate? If indeterminate which is lethal, then can I stop the
> stop the spontaneous creation of the session? I assume this is not an
> issue deployed in Spring?
>
>  On Thursday, November 12, 2015 4:38 PM, "[hidden email]"
> <[hidden email]> wrote:
>
>> If you are referring to an HttpSession, DWR should not normally
>> create
>> sessions. The caveat is if you have creators that are declared with
>> a
>> session scope.
>>
>> On 2015-11-12 13:10, Yahoo! Support Inc© wrote:
>>> Hello
>>> With trepidation I ask if it is possible for dwr to
>> "spontaneously" be
>>> generating a session. I have a deployment with 2.0.11 have it
>>> configured for rAjax but no other
>>>
>>> js libraries configured for rAjax. A session listener is capturing
>> the
>>> creation of the session and immediately failure of dwr. It this
>>> behavior an artifact of rAjax w/2.0.11?