I upgraded Struts from version 2.3 to 6.0. It builds successfully, but when I try to log in to the application I get
UT000010: Session is invalid HubC5VAM4TUaSwQgPtLbbmAEXTAZii0VTrfXfNJw
in the browser.
I am using WildFly 24+ Struts 6.0.
Error stack:
1:21:41,611 INFO [stdout] (default task-1) 2024-02-19 01:21:41,602 ERROR [org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler] Exception occurred during processing request: UT000010: Session is invalid HubC5VAM4TUaSwQgPtLbbmAEXTAZii0VTrfXfNJw
01:21:41,611 INFO [stdout] (default task-1) java.lang.IllegalStateException: UT000010: Session is invalid HubC5VAM4TUaSwQgPtLbbmAEXTAZii0VTrfXfNJw
01:21:41,611 INFO [stdout] (default task-1) at io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:519) ~[undertow-core-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,611 INFO [stdout] (default task-1) at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,611 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.SessionMap.get(SessionMap.java:157) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,611 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.SessionMap.put(SessionMap.java:175) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at org.apache.struts2.interceptor.csp.DefaultCspSettings.associateNonceWithSession(DefaultCspSettings.java:90) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at org.apache.struts2.interceptor.csp.DefaultCspSettings.addCspHeaders(DefaultCspSettings.java:78) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at org.apache.struts2.interceptor.csp.CspInterceptor.beforeResult(CspInterceptor.java:49) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:274) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at com.ge.hca.torch.presentation.securityfilter.TorchTokenSessionStoreInterceptor.doIntercept(TorchTokenSessionStoreInterceptor.java:176) ~[classes:?]
01:21:41,612 INFO [stdout] (default task-1) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.factory.StrutsActionProxy.execute(StrutsActionProxy.java:48) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:637) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:140) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,613 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,613 INFO [stdout] (default task-1) at com.ge.hca.torch.presentation.securityfilter.SqlInjectionAndXSSFilter.doFilter(SqlInjectionAndXSSFilter.java:79) ~[classes:?]
01:21:41,613 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at com.ge.hca.torch.presentation.securityfilter.AccessFilter.doFilter(AccessFilter.java:86) ~[classes:?]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.17.1.jar:2.17.1]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) ~[?:?]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
This is my login action code:

    if (null == mode)
    {
        HttpSession session = getServletRequest().getSession(false);
        log.debug(session + "" + getServletRequest().getSession(false));
        if (null != session)
        {
            session.invalidate();
        }
        // removed from above if condition during migration of struts2 as struts1 session was created in locale settings
        session = getServletRequest().getSession(true);
    }
    userVO = (UserVO) getSessionObject(getServletRequest(), TorchConstants.GLOBAL_USERINFO_KEY);

This is the session code in the login action's parent class:

    protected Object getSessionObject(HttpServletRequest req, String attrName) {
        HttpSession httpSession = null;
        httpSession = req.getSession(false);
        Object obj = null;
        if (null != httpSession) {
            obj = httpSession.getAttribute(attrName);
        }
        return obj;
    }

I am not getting how to handle this situation.

You are not allowed to use an old session after it was invalidated. In the action you have invalidated an HTTP session. It is a servlet session object which should be avoided in the typical Struts2 application. Instead you should use a SessionMap.

Then you continued to reuse an old session which was kept in the SessionMap when beforeResult is executed. You also didn't update the Struts2 action context that keeps a SessionMap object.

If your action class implements SessionAware then a session map is injected into the action instance. If you use the reference then it should also be updated. If you use ActionContext then update an action context.

If you create a new SessionMap object then a new HTTP session will be initialized inside, but you lose attributes from the old session.

If you want to know how to renew a SessionMap that will use a new HTTP session and transfer the old session attributes then see the answer to "Struts 2 session invalidation with setting request session to a new session".
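
One way to renew the session at login through the SessionMap, so that CspInterceptor.beforeResult no longer reaches the invalidated session. This is an added example, not code from the question or the answer; the class name SessionRenewal and its renew method are hypothetical, and it assumes it is called inside a Struts 6 action, where the ActionContext holds the request's SessionMap.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.struts2.dispatcher.SessionMap;

import com.opensymphony.xwork2.ActionContext;

/** Hypothetical helper (name and API are assumptions of this example). */
public final class SessionRenewal {

    private SessionRenewal() {
    }

    /**
     * Invalidates the current session through the SessionMap held in the
     * ActionContext and copies the named attributes into the new session.
     * Call it from the login action in place of HttpSession.invalidate().
     */
    public static void renew(String... keysToKeep) {
        Map<String, Object> session = ActionContext.getContext().getSession();
        if (!(session instanceof SessionMap)) {
            return; // no Struts session map in this context, nothing to renew
        }

        // Read the attributes to carry over while the old session is still valid.
        Map<String, Object> kept = new HashMap<>();
        for (String key : keysToKeep) {
            Object value = session.get(key);
            if (value != null) {
                kept.put(key, value);
            }
        }

        // Invalidates the HttpSession and clears the map's reference to it,
        // so later framework calls cannot reach the invalidated session.
        ((SessionMap) session).invalidate();

        // The first put() after invalidate() makes SessionMap request a new
        // HttpSession; with nothing to keep, the next writer creates it.
        session.putAll(kept);
    }
}
```

Carry over only attributes that are safe to keep across the authentication boundary, and read user data after login from the same session map rather than from a separately obtained HttpSession.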