Pivotal GemFire HTTP Session Management Module for AppServers observed with the version 8.2.x
An HTTP session is newly created when forwarding a request via a Java Web application framework, such as Struts 2 using the Pivotal GemFire HTTP Session Management Module for AppServers (GFHSMM) although, it should be maintained within the existing HTTP session.
In terms of ServletFilter usage, this can happen if the Java Web application framework such as Struts 2 tries to wrap HttpServletRequest with its own request wrapper even when GFHSMM has already wrapped it with SessionCachingFilter.RequestWrapper when forwarding the request.
Particularly for Struts 2, this happens with the following steps:
- A request comes in; it passes through the GFHSMM's SessionCachingFilter as well as the Struts filter.
- Both filters wrap the HttpServletRequest so that the end result is a StrutsRequestWrapper, around a SessionCachingFilter.RequestWrapper, around a HttpServletRequest.
- An action is invoked and a new session is created.
- The request is then forwarded to a JSP page. Since it is needed to configure the filter with FORWARD for the GFHSMM, your filter is invoked again and it wraps the request in a different instance of SessionCachingFilter.RequestWrapper.
- The JSP then creates a new session.
Remove the following element from your ServletFilter setting in web.xml for GemFire HTTP Session Management Module for AppServers:
According to the implementation of Java Web application frameworks, you might consider removing all of the dispatcher elements, or at least remove the following element as well in case the code is also doing any RequestDispatcher.include calls.
This functionality will be improved in the following feature request in the next major release of Session Management module for AppServers.
- GEODE-1728 : SessionCachingFilter can create multiple sessions when requests are forwarded.