Ticket #896 (new defect)

Opened 3 years ago

User Sessions need more investigation

Reported by: ak19 Owned by: nobody
Priority: moderate Milestone: 3.09 Release
Component: Greenstone3 Runtime Severity: major
Keywords: Cc:

Description

Some work needs to be done in GS3's LibraryServlet?.java around the session related information. The java code maintains a session table, and tomcat provides the session variable too, and we'd like to ensure these are kept in sync.

Further, one of the problematic areas identified is the code upon "clean_all" in LibraryServlet?.java. Firstly, the session_ids_table is entirely cleared (cleaned) upon ANY system action that is not activate or deactivate (or Ping). Maybe this should happen only when a global MessageRouter? reconfigure is requested. Also, all sessions other than the current User Session should be marked as invalidated too, since the corresponding data in the session_ids_table in memory was cleared.

We will also want to investigate how tomcat stores session data, does it use serialization. And if so, does the user_session_cache table whose hash we put in there also get serialized sensibly, are is it just a memory location that becomes stale upon a server restart.

Note: See TracTickets for help on using tickets.