|Title|Users prematurely logged out at random
|Date|29-Mar-2007 18:51:46 EEST
|Version|2.4.100
|Submitter|71.182.134.10
|[Bug criticality]|BadBug
|Browser version|Safari 2.0.4
|[Bug status]|ClosedBug
|[PageProvider] used|com.ecyrd.jspwiki.providers.CachingProvider
|Servlet Container|Tomcat 5.5.20
|Operating System|Debian GNU/Linux 3.1
|URL|
|Java version|JDK 1.5.0_09

We have a wiki where all users are required to be authenticated. The session timeout is 3 hours, so that users don't need to reathenticate frequently.\\

When we upgraded from 2.4.82 to 2.4.100, the wiki started asking users to re-login very quickly, sometimes after only a few minutes, sometimes after an hour.\\

The problem seems to be random--sometimes many users will lose their login at the same moment, sometimes only a few. When multiple logouts happen, they seem to happen at the same time.\\

The problem seems to happen more frequently when the wiki is doing more work--lots of folks editing pages at the same time.\\

When we rolled back to the intermediate version 2.4.91, the problem *seemed* to disappear.\\

I saw that in version 2.4.97, this was added: "WikiEventDelegate now stores all listeners as WeakReferences". Speaking out of my own ignorance, the bug we're seeing looks like a weak reference being reclaimed too soon. Is there any way to log when these weak references are reclaimed, so that we could corelate that with the time that a user reports being logged out? Or can we get the wiki to log when (and why) sessions are discarded, so that we can pin down what's going on?\\



----

The thing is that the EventManager does not manage sessions.  The switch to WeakReferences was mandatory because the sessions were not being released ''at all'', which results in a pretty bad memory leak.

My guess is that SessionMonitor is at fault here, but it'll take a bit of thinking.

--JanneJalkanen, 29-Mar-2007


----

Can you please check out the JSPWIKI_2_4_BRANCH and check if that helps?  I committed a possible fix to 2.4.101, but I'd like you to test it in your environment before release.

--JanneJalkanen, 29-Mar-2007


----

[Waiting for bug reporter|Bugs Pending Bug Reporter]

--HarryMetske, 30-Mar-2007


----

That was fast--thanks.\\

I've installed it on a test wiki, and three of us were able to push the wiki fairly hard. There was one case of logout, but it was not reproducible, and on the whole the "2.4.101" version seems much more reliable than 2.4.100.\\

We hope to do a more rigorous stress test next week when we have more users available, but we're reasonably sure the bug's gone.\\


--Steve Dahl, 30-Mar-2007


----

Thanks for the quick response, let us wait until next week for a few more test results.

--HarryMetske, 30-Mar-2007


----

We ran further tests on this version. On 2.4.100, we could quickly reproduce the bug with four users working simultaneously. Today, with five users working for a longer session, no one was logged out even once.\\

We don't feel that further testing is going to increase our confidence in this fix. If you'd like us to run tests on a 2.4.100 wiki that has been instrumented to log the condition that 2.4.101 corrects, to show that we're encountering the same bug you've fixed, we'd be happy to do that. But at this point, we aren't planning to do further testing on the test wiki.\\

Thanks again for the fast response.\\


--Steve Dahl, 03-Apr-2007


----

Steve, Harry -- Janne and I had a little private e-mail exchange about this one. Glad to see that the .101 release fixes the issue. 

--Andrew Jaquith, 03-Apr-2007

----

Closing.  Note that 2.4.102 is now the official stable.

-- JanneJalkanen, 03-Apr-2007