3 Replies Latest reply on Jan 28, 2016 9:17 PM by Paul Ferraro

    Wildfly 10 CR4: NPE on session.invalidate()

    jamat Newbie

      Steps to reproduce:

      - 2 webapps deployed with FORM auth-method

      - singlesignon is configured

      - log in to first webapp -> OK

      - navigate to a second webapp in another tab -> I do not have to provide credentials

      - go back to the first webapp and invoke a method that will call session.invalidate() -> NPE:

       

      15:00:17,605 ERROR [io.undertow.request] (default task-22) UT005023: Exception handling request to /jaja/InvalidateServlet: java.lang.NullPointerException

              at io.undertow.server.session.InMemorySessionManager.getSession(InMemorySessionManager.java:190)

              at org.wildfly.clustering.web.undertow.sso.DistributableSingleSignOn$InvalidatableSession.invalidate(DistributableSingleSignOn.java:127)

              at io.undertow.security.impl.SingleSignOnAuthenticationMechanism$SessionInvalidationListener.sessionDestroyed(SingleSignOnAuthenticationMechanism.java:169)

              at io.undertow.server.session.SessionListeners.sessionDestroyed(SessionListeners.java:61)

              at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:526)

              at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:505)

              at io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:199)

       

      Looking at the code I see that in sessionDestroyed we call: sessionToRemove.invalidate(null);

      which will lead to this NPE.

       

      I am doing something wrong or is this a bug?