Announcement Announcement Module
Collapse
No announcement yet.
Cannot create a session after the response has been committed Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot create a session after the response has been committed

    I'm doing some performance testing on an AppFuse-based application that uses Acegi Security heavily. Using 20 concurrent users, I start to see the following error after about 6 minutes:

    Code:
    ERROR [http-8080-Processor25] [jsp].invoke(260) | Servlet.service() for servlet jsp threw exception
    java.lang.IllegalStateException: Cannot create a session after the response has been committed
            at org.apache.catalina.connector.Request.doGetSession(Request.java:2206)
            at org.apache.catalina.connector.Request.getSession(Request.java:2024)
            at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:831)
            at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:215)
            at org.acegisecurity.ui.WebAuthenticationDetails.<init>(WebAuthenticationDetails.java:55)
            at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.createAuthentication(AnonymousProcessingFilter.java:99)
            at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:140)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
            at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:165)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
            at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
            at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
            at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
            at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
            at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
            at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
            at java.lang.Thread.run(Thread.java:613)
    This seems to be triggered by my logout.jsp, which is:

    Code:
    %@ include file="/common/taglibs.jsp"%>
    <%@ page import="javax.servlet.http.Cookie" %>
    <%@ page import="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices" %>
    
    <%
    session.invalidate();
    Cookie terminate = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
    
    terminate.setMaxAge(0);
    response.addCookie(terminate);
    %>
    
    <c:redirect url="/"/>
    I've tried changing <c:redirect/> to <jsp:forward/>, but that didn't help either. BTW, it's cool to see that forwarding now works (I'm using AS 1.0.0 RC2) - I remember having to redirect in previous versions.

    The strange thing is that everything works fine under normal load, and you never see this exception in the logs. It only happens under heavy load - but it takes 6 minutes or so for this to happen.

    The good news is I've been able to achieve the following numbers (don't know how these compare to others):

    20 active users
    41 pages per second
    10 MB per second

    In 130,000 pages served, errors only occur on 415, and they're all from logout.jsp. 0.32 % isn't too bad is my guess. ;-)

    Any ideas why logout.jsp could be causing this problem? It's possible my test is invalid. However, all I did was recorded using WAPT - and clicked through 45 different pages, logging out at the end.

    http://www.loadtestingtool.com/

    Thanks,

    Matt

  • #2
    Any ideas why logout.jsp could be causing this problem?
    Not sure, but it mnay be related to SEC-200. I haven't looked into what's causing this yet.

    Comment


    • #3
      Would it be possible to record a test using Contacts, so that I have something we can run it against at this end?

      Comment


      • #4
        I think it would be worth verifying that it's not some problem with WAST and its session handling. I remember having trouble with it in the (distant) past.

        Comment


        • #5
          Sorry, I read WAST for WAPT... I haven't used WAPT

          Comment


          • #6
            We believe this is fixed in CVS as per http://opensource2.atlassian.com/pro...browse/SEC-211 - would you please try CVS HEAD and comment on the issue as to whether it works for you.

            Thanks
            Ben

            Comment


            • #7
              Hi Ben,

              Originally posted by Ben Alex
              We believe this is fixed in CVS as per http://opensource2.atlassian.com/pro...browse/SEC-211 - would you please try CVS HEAD and comment on the issue as to whether it works for you.
              I was experiencing the exact same problem. This was, however, only occurring if you attempted to logout when you were not currently logged in.

              In the latest nightly snapshot from CVS, acegisecurity-2006-03-17_145720, this appears to be fixed.

              Thanks
              Ben
              Thank you!

              - Sam

              Comment


              • #8
                Sorry, I must've not had a subscription to this thread b/c I've missed all the replies. Is it possible to download the nightly build from somewhere?

                Comment


                • #9
                  No, but there are a nightly archives of the source tree at

                  acegisecurity.sourceforge.net/nightly

                  (Obviously the 700k plus ones are the ones to go for).

                  Comment


                  • #10
                    Hi, this is almost 3 years ago, but today i have the same problem. i downloaded the acegi 1.0.4 right now (before i used 1.0.3), and i still have this problem when i wanna logout. i get this exception

                    Code:
                    java.lang.IllegalStateException: Cannot create a session after the response has been committed
                    	at org.apache.catalina.connector.Request.doGetSession(Request.java:2214)
                    	at org.apache.catalina.connector.Request.getSession(Request.java:2024)
                    	at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:831)
                    	at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:842)
                    	at de.nfranze.sf.servlets.URLFilter.doFilter(URLFilter.java:24)
                    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                    	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
                    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:77)
                    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
                    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
                    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
                    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
                    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
                    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
                    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
                    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
                    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
                    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
                    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
                    	at java.lang.Thread.run(Unknown Source)
                    Does anybody know whats wrong here?

                    Comment


                    • #11
                      It isn't the same problem - there isn't a single Acegi class in the stacktrace you have there, so I can't see where you're even using Acegi. I'd imagine the problem lies with your URLFilter class.

                      Comment

                      Working...
                      X