LDEV-5440 Revert some unnecessary package name changes

  1. … 463 more files in changeset.
LDEV-5440 Refactor packages of imported classes

  1. … 480 more files in changeset.
LDEV-5440 Rewrite config files and library references

  1. … 954 more files in changeset.
LDEV-5204 Fix leader finished detection

Also fix misleading session invalidated warnings

  1. … 4 more files in changeset.
LDEV-5260 Prevent EventStream retransmission from invalidating session

Event Stream, which LAMS uses for reactive communication via Flux, keeps a line open between browser and LAMS. If this line is considered stalled, usually because there is no interaction on either the back or the front end, it closes. It happens after about 5 minutes.

If in the meantime the teacher navigated to another LAMS lesson via LMS, he/she gets reauthenticated via integrations mechanism and gets a new HTTP session ID. This works fine and allows working on multiple monitoring windows via LMS.

If now the stalled Event Stream sends a message to LAMS, it uses the old session ID, not the new one. It happens even when the monitoring window where the Event Stream was created gets closed. It is a browser "feature".

This request with old session ID gets picked up by LAMS double login prevention mechanism. LAMS does not allow users to be logged in to same account on two browsers. And this Event Stream retransmission looks like a double login. So LAMS invalidates the correct current session.

It results in teacher getting logged out from the monitoring window and getting the login page on refresh.

The fix is just throwing an exception on Event Stream retransmission which would otherwise invalidate the current session. It should be good enough as the Event Stream does not need a valid response, no one is waiting for one anymore.

LDEV-5200 Prevent invalidated session error from propagating

There seems to be a problem with Infinispan session invalidation similar to this https://issues.redhat.com/browse/UNDERTOW-478

We already have got a patched version, but similar problems occur. They probably have to do with async servlet processing.

Until we upgrade WildFly we need to keep these safety measures.

LDEV-5200 Prevent invalidated session error from propagating

There seems to be a problem with Infinispan session invalidation similar to this https://issues.redhat.com/browse/UNDERTOW-478

We already have got a patched version, but similar problems occur. They probably have to do with async servlet processing.

Until we upgrade WildFly we need to keep these safety measures.

LDEV-4408 Allow listing invalidated sessions

LDEV-4408 Allow listing invalidated sessions

LDEV-4293 Skip session creation when displaying error page

If the error was HTTP session being stale or incorrectly invalidated, we should not try to use the same session to display the error page. The error page should not require a session at all.

Also if making a decision which session to invalidate in case of double login, always invalidate the other session and not current one as otherwise it can lead to a loop of self-invalidating sessions.

  1. … 1 more file in changeset.
LDEV-3656 Clean up invalidated session from internal tracking mapping

These sessions should have been removed from the mapping when SessionListener is called. Sometimes the listener is not called due to WildFly internal bugs. We are left with a long list of stale sessions.

We should periodically clean up the mapping. Making it happen on runtime stats fetch is as good a place as any other, plus it happens periodically.

  1. … 1 more file in changeset.
Merge branch 'master' into develop

# Conflicts:
# lams_admin/conf/language/lams/ApplicationResources.properties
# lams_admin/conf/language/lams/ApplicationResources_el_GR.properties
# lams_admin/conf/language/lams/ApplicationResources_en_AU.properties
# lams_tool_laqa/web/learning/LearnerRep.jsp
# lams_tool_laqa/web/learning/RevisitedLearnerRep.jsp
# lams_tool_mindmap/conf/language/lams/ApplicationResources.properties
# lams_tool_nb/conf/language/lams/ApplicationResources.properties
# lams_tool_notebook/conf/language/lams/ApplicationResources.properties
# lams_tool_pixlr/conf/language/lams/ApplicationResources.properties
# lams_tool_pixlr/conf/language/lams/ApplicationResources_el_GR.properties
# lams_tool_scratchie/conf/language/lams/ApplicationResources_el_GR.properties
# lams_tool_scribe/conf/language/lams/ApplicationResources.properties
# lams_tool_spreadsheet/conf/language/lams/ApplicationResources.properties
# lams_tool_survey/conf/language/lams/ApplicationResources.properties
# lams_tool_task/conf/language/lams/ApplicationResources.properties
# lams_tool_task/conf/language/lams/ApplicationResources_el_GR.properties
# lams_tool_vote/conf/language/lams/ApplicationResources.properties
# lams_tool_wiki/conf/language/lams/ApplicationResources.properties
# lams_tool_wiki/conf/language/lams/ApplicationResources_el_GR.properties

  1. … 17 more files in changeset.
LDEV-4293 Prevent session invalidation exceptions from propagating

It seems that WildFly distributed session management may have bugs. On session invalidation there is an attempt to close a websocket channel, even if it does not exist. If it happens, a user gets in an endless loop of accessing error.jsp page, trying to get session, trying to invalidate his previous session, getting an error etc. We should at least prevent the user from getting a visible error and let him try to create a new session.

Merge remote-tracking branch 'origin/master' into develop

  1. … 1 more file in changeset.
LDEV-4912 Add session time information to Logged In Users in sysadmin

  1. … 2 more files in changeset.
Merge remote-tracking branch 'origin/master' into develop

Conflicts:
lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java

  1. … 1 more file in changeset.
LDEV-4901 Rewrite session invalidation mechanism

On WildFly 8 session invalidation mechanism had some bugs. Marek introduced a workaround in LDEV-3413. The mechanism was adjusted in LDEV-4293, especially in this commit https://code.lamsfoundation.org/fisheye/changelog/lams-github?cs=131ce42e64069f574a2a4a9bc1e5c4be4918e5bb

Newer WildFly versions do not seem to have this bug. A part of workaround was removed in LDEV-4696, but invalidation mechanism stayed as if the bugs were still present. The mechanism introduced the problem with timeouts. Now that the bugs seem to be gone, the invalidation mechanism was rewritten to a more straightforward version which should have been used from the start.

It is worth keeping in mind that when one user session is present and another is being created (another browser, integration call, sysadmin's LoginAs feature), then user gets authenticated, then old session gets invalidated and the user gets authenticated AGAIN by WildFly using cached credentials. Caching is so useful that we cannot turn it off. It means that, though, we need to keep login token generated by LoginRequestServlet for longer than just first authentication, as we get authentication call twice. Now we keep it until it is timed out.

  1. … 3 more files in changeset.
Merge remote-tracking branch 'origin/master' into develop

  1. … 3 more files in changeset.
LDEV-3468 Rewrite and add counters to runtimes stats

  1. … 1 more file in changeset.
LDEV-4767 Add login and logout event logs

  1. … 4 more files in changeset.
Merge branch 'lams31' into LDEV-4440

Conflicts:
lams_admin/web/sessionmaintain.jsp
lams_build/build.xml
lams_build/lib/lams/lams.jar
lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeAction.java
lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/action/GradebookAction.java
lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/action/McLearningAction.java
lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/action/McMonitoringAction.java

  1. … 17 more files in changeset.
LDEV-4693 Add name in logged in user list in sysadmin

  1. … 2 more files in changeset.
Monthly merge from master to lams31

Conflicts:
lams_build/conf/slim/standalone.xml
lams_build/conf/standalone.xml
lams_build/lib/lams/lams-central.jar
lams_build/lib/lams/lams.jar
lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java
lams_central/src/java/org/lamsfoundation/lams/authoring/template/web/LdTemplateAction.java
lams_central/src/java/org/lamsfoundation/lams/authoring/template/web/TBLTemplateAction.java
lams_central/src/java/org/lamsfoundation/lams/authoring/web/AuthoringAction.java
lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java
lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/action/MonitoringAction.java
lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/service/ScratchieServiceImpl.java

  1. … 20 more files in changeset.
LDEV-4293 Clear login mapping even if user DTO is not present

  1. … 2 more files in changeset.
LDEV-4293 Tune session log out

Make sure mapping login->session is cleared in certain situations.

Check if a session already exists for the given login. If so, invalidate one of the sessions.

  1. … 2 more files in changeset.
LDEV-4293 Rewrite session invalidation mechanism

Server-side non-current session invalidation does not work well on clustered WildFly 10. It breaks Infinispan distributed session cache and makes a logged out user clear LAMS cookies, otherwise he/she gets a blank screen. See WFLY-7281 and WFLY-7229.

So instead of invalidating a session we mark it for invalidation. The next time the user tries to use it, the session gets invalidated and the user gets an error screen (not a very clean solution, but more effective than another filter which would nicely redirect the user to logout screen).

This solution seems to work nicely if both browsers interact with the same node. Since we use distributed session for failover rather than replication, it should be OK.

  1. … 3 more files in changeset.
LDEV-4293 Change place where session gets mapped to login

UniversalLoginModule can be accessed without going through SsoHandler when a session gets replicated. It means that it misses login -> sessionID mapping which is needed for double login detection. The code was rewritten to make sure login is properly mapped. It may be optimised later so the mapping does not happen on every session start.

  1. … 1 more file in changeset.
Merge LDEV-4408 into lams31

  1. … 1 more file in changeset.
LDEV-4408 Implement session list in sysadmin

  1. … 7 more files in changeset.
LDEV-4400 Update session ID after it gets changed

In LAMS we keep a mapping between session ID and session object. Session ID gets changed after log in to prevent session fixation attack. We need to update the mapping too.

  1. … 1 more file in changeset.
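
The double login handling described in LDEV-5260 and the mapping update described in LDEV-4400, as an added example that is not LAMS code: the class, its method names and the session IDs are hypothetical, and it assumes a replaced session is only marked (the idea from LDEV-4293) so that a late request carrying its ID can be told apart from a new login. Such a request is rejected with an exception and the current session stays mapped.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical login -> session ID tracker (illustration only, not LAMS code). */
public class LoginSessionTracker {
    /** Thrown when a request carries a session ID already replaced for its login. */
    public static class StaleSessionException extends RuntimeException {
        public StaleSessionException(String message) { super(message); }
    }

    private final Map<String, String> currentByLogin = new ConcurrentHashMap<>();
    private final Set<String> superseded = ConcurrentHashMap.newKeySet(); // prune on session destroy

    /** New authentication: the new session wins, the other one is only marked. */
    public void onAuthenticated(String login, String sessionId) {
        String previous = currentByLogin.put(login, sessionId);
        if (previous != null && !previous.equals(sessionId)) {
            superseded.add(previous);
        }
    }

    /** Session ID rotated after login (fixation defence): move the mapping too. */
    public void onSessionIdChanged(String login, String oldId, String newId) {
        currentByLogin.replace(login, oldId, newId);
    }

    /** Per request: a superseded ID is rejected and never evicts the current session. */
    public void onRequest(String login, String sessionId) {
        if (superseded.contains(sessionId)) {
            throw new StaleSessionException("stale session ID for login " + login);
        }
        onAuthenticated(login, sessionId); // unknown or current ID: (re)map it
    }

    public static void main(String[] args) {
        LoginSessionTracker tracker = new LoginSessionTracker();
        tracker.onAuthenticated("teacher", "S1-pre");          // constructed sample IDs
        tracker.onSessionIdChanged("teacher", "S1-pre", "S1"); // ID changed after login
        tracker.onAuthenticated("teacher", "S2");              // reauthenticated via LMS
        try {
            tracker.onRequest("teacher", "S1");                // stalled stream retransmits
        } catch (StaleSessionException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("current: " + tracker.currentByLogin.get("teacher"));
    }
}
```

Without the `onSessionIdChanged` step the tracker would keep the pre-login ID as current, so the first request on the rotated ID would look like a second login.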