Sunday, October 29, 2017

Why Session Destroyed Event triggered multiple times for one Http Session on WebLogic Cluster

By Hường Hana 7:00 PM , , , , Leave a Comment

I have a weblogic 12c, configured with one cluster, 4 node instances in the cluster, Default Load Algorithm is Round Robin, Replication Type is MAN. I deploy one web application on all 4 nodes.

Issue:
During the run time, I found that to one http session, sessionDestroyed event would be triggered more than one time when it becomes time out in the weblogic (1 hour). But per log, sessionCreated event was only triggered one time.

It confused me. Does there has any magic? I remember per the official documentation, session replication among the cluster instance should be transparent to the developers. So that what is expected is only one sessionCreated event and only one sessionDestroyed event would be triggered for one http session.

Attach the Log:

DEBUG Oct-20-17 01:53:40 [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] (AMCSessionListener-27  ) - Session: wIc4WB62vlaYR_tMRMIc0WpBHchh5fbwpinxgaig4mJRJFhlPUcj!-1795465203!1400921280!1508478820022 Created at Fri Oct 20 01:53:40 EDT 2017 DEBUG Oct-20-17 02:54:05 [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] (AMCSessionListener-46  ) - Session: wIc4WB62vlaYR_tMRMIc0WpBHchh5fbwpinxgaig4mJRJFhlPUcj!-1795465203!1400921280!1508478820022 Destroyed at Fri Oct 20 02:54:05 EDT 2017 DEBUG Oct-20-17 02:55:12 [[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'] (AMCSessionListener-46  ) - Session: wIc4WB62vlaYR_tMRMIc0WpBHchh5fbwpinxgaig4mJRJFhlPUcj!173379423!1400921280!1508478820022 Destroyed at Fri Oct 20 02:55:12 EDT 2017

Below is my weblogic configuration:

<?xml version="1.0" encoding="UTF-8"?> <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">   <session-descriptor>     <cookie-path>/AppName</cookie-path>     <persistent-store-type>replicated</persistent-store-type>     <http-proxy-caching-of-cookies>true</http-proxy-caching-of-cookies>     <cookie-secure>true</cookie-secure>      </session-descriptor>   </weblogic-web-app>

This is my session configure in the web.xml inside web application:

<session-config>     <session-timeout>60</session-timeout> </session-config>

This is my SessionListener.java:

public class SessionListener implements HttpSessionListener {      private static Logger logger = Logger.getLogger(SessionListener.class);      @Override     public void sessionCreated(HttpSessionEvent se) {         if (logger.isDebugEnabled()) {             logger.debug("Session: " + se.getSession().getId() + " Created at " + (new java.util.Date()));         }     }      @Override     public void sessionDestroyed(HttpSessionEvent se) {         if (logger.isDebugEnabled()) {             logger.debug("Session: " + se.getSession().getId() + " Destroyed at " + (new java.util.Date()));         }     } }

This code for manually logout:

@RequestMapping(value = "/logout", method = RequestMethod.GET) public ModelAndView logout(HttpServletRequest request,             HttpServletResponse response) throws Exception {          ...         // Business Logic for Logout         ...          request.getSession().invalidate();          CommonViewObject vo = new CommonViewObject();         return renderReponse(request, response, vo, "Login"); }

Any suggestion would be appreciated. I need address the issue, thank you!

Update:

According to my investigation in this week, I found that the second time call on sessionDestroyed is triggered by the time out of secondary session created by weblogic session replication, which is what I do not want. Do we have any way to avoid this?

1 Answers

Answers 1

If you force the user to logout via the invalidate()method, then HttpSessionListener sessionDestroyed() method is called twice, once when they logout, and a second time after some delayed time period.

This occurs if after the logout you redirect the user back to a web page within your application. What you're essentially doing is starting another session (which may not be immediately obvious if you haven't added security/authentication requirements to all your web pages), and the delayed second call of the sessionDestroyed() method is a timeout occurring.

The simple solution, on logout redirect the user to a web page outside of your application.

You may be interested to look :

JDev/ADF: How to log user login/logout/timeout to the database

JSP Servlet session invalidate() does not make session null

If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment