3 Replies Latest reply on Dec 8, 2014 8:33 AM by ctomc

    What actually triggers the creation of a HttpSession on WildFly 8?

    htmfilho

      I have noticed that WildFly 8.1 is creating multiple sessions for a single user of my app. I have created an HttpSessionListener to show those sessions in the console. In a very short period of time, while the user is interacting with the application, sessions are created one after another:

       

      User accesses the app at http://localhost:8080/app

      10:51:33,352 INFO  [UserSessionListener] (default task-1) Session id created:DiI-KlnWMBwO-LPPJAyz11CI

       

      User is authenticated when trying to access the protected page "home.xhtml" (a security constraint in web.xml)

      No new session

       

      User tries to access another protected page "/profile/profile.xhtml"

      10:51:53,664 INFO  [UserSessionListener] (default task-2) Session id created:UOFklU_2dENgSZ728FOVjyn2

      At this point, the login page appears once again.

      The user is authenticated once more.

      No new session

       

      The user tries to access a non-protected page (/profile/public_profile.xhtml)

      10:51:56,978 INFO  [UserSessionListener] (default task-3) Session id created:WOItRb0a-7SOVEqIEFqAoJLp

       

      ...and so on.

       

      The security constraints are:

      <security-constraint>
          <display-name>Admin Constraints</display-name>
          <web-resource-collection>
              <web-resource-name>administrators</web-resource-name>
              <description/>
              <url-pattern>/admin/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>

      <security-constraint>
          <display-name>Users Constraints</display-name>
          <web-resource-collection>
              <web-resource-name>users</web-resource-name>
              <description/>
              <url-pattern>/home.xhtml</url-pattern>
              <url-pattern>/profile/change_email.xhtml</url-pattern>
              <url-pattern>/profile/change_password.xhtml</url-pattern>
              <url-pattern>/profile/profile.xhtml</url-pattern>
              <url-pattern>/profile/profile_form.xhtml</url-pattern>
              <url-pattern>/profile/user_deactivation.xhtml</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
              <role-name>user</role-name>
          </auth-constraint>
      </security-constraint>
      

       

      I would like to know what exactly triggers the creation of new http sessions.

       

      I'm using Java 8 + WildFly 8.1 + Mac. I'm also using the Java EE 7 spec, with all XML descriptors updated.

       

      Thanks in advance!
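
A diagnostic for the question above, as an added example that is not part of the original post or of WildFly's own code: it records, per request, whether the browser sent a session id back and whether the server still accepts it, and logs the call stack at the moment each session is created. The class name `SessionCreationTracer` is hypothetical, and the code assumes the Servlet 3.1 API (Java EE 7) and that the listener runs on the thread that requested the session.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.*;

// Hypothetical diagnostic class (Servlet 3.1 / Java EE 7 API); remove after debugging.
@WebListener
@WebFilter("/*")
public class SessionCreationTracer implements HttpSessionListener, Filter {
    private static final Logger LOG = Logger.getLogger(SessionCreationTracer.class.getName());
    // URI of the request being handled on this thread, set by the filter.
    private static final ThreadLocal<String> CURRENT_URI = new ThreadLocal<>();

    // Log only a prefix so complete session ids do not end up in log files.
    private static String redact(String id) {
        return id == null ? "none" : id.substring(0, Math.min(6, id.length())) + "...";
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        CURRENT_URI.set(req.getRequestURI());
        // Did the browser send a session id back, and does the server still know it?
        LOG.info(String.format("%s requestedId=%s valid=%b fromCookie=%b", req.getRequestURI(),
                redact(req.getRequestedSessionId()), req.isRequestedSessionIdValid(),
                req.isRequestedSessionIdFromCookie()));
        try {
            chain.doFilter(rq, rs);
        } finally {
            CURRENT_URI.remove();
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent e) {
        // Assumption: this runs on the thread that called getSession(), so the stack
        // trace names the caller. The URI is null when the session is created before
        // the filter chain runs (for example by container-managed authentication).
        LOG.log(Level.INFO, "Session " + redact(e.getSession().getId())
                + " created during " + CURRENT_URI.get(), new Throwable("creation call stack"));
    }

    @Override public void sessionDestroyed(HttpSessionEvent e) { }
    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

A request logged with `requestedId=none`, or with `valid=false`, immediately before a "created" entry shows that the previous session id was not returned or was no longer accepted, which separates a cookie problem from code that creates a session on every request.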