This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]
TitleUsers prematurely logged out at random
Date29-Mar-2007 18:51:46 EEST
Bug criticalityBadBug
Browser versionSafari 2.0.4
Bug statusOpenBug
PageProvider usedcom.ecyrd.jspwiki.providers.CachingProvider
Servlet ContainerTomcat 5.5.20
Operating SystemDebian GNU/Linux 3.1
Java versionJDK 1.5.0_09

We have a wiki where all users are required to be authenticated. The session timeout is 3 hours, so that users don't need to reathenticate frequently.

When we upgraded from 2.4.82 to 2.4.100, the wiki started asking users to re-login very quickly, sometimes after only a few minutes, sometimes after an hour.

The problem seems to be random--sometimes many users will lose their login at the same moment, sometimes only a few. When multiple logouts happen, they seem to happen at the same time.

The problem seems to happen more frequently when the wiki is doing more work--lots of folks editing pages at the same time.

When we rolled back to the intermediate version 2.4.91, the problem *seemed* to disappear.

I saw that in version 2.4.97, this was added: "WikiEventDelegate now stores all listeners as WeakReferences". Speaking out of my own ignorance, the bug we're seeing looks like a weak reference being reclaimed too soon. Is there any way to log when these weak references are reclaimed, so that we could corelate that with the time that a user reports being logged out? Or can we get the wiki to log when (and why) sessions are discarded, so that we can pin down what's going on?

The thing is that the EventManager does not manage sessions. The switch to WeakReferences was mandatory because the sessions were not being released at all, which results in a pretty bad memory leak.

My guess is that SessionMonitor is at fault here, but it'll take a bit of thinking.

--JanneJalkanen, 29-Mar-2007

Can you please check out the JSPWIKI_2_4_BRANCH and check if that helps? I committed a possible fix to 2.4.101, but I'd like you to test it in your environment before release.

--JanneJalkanen, 29-Mar-2007

Waiting for bug reporter

--HarryMetske, 30-Mar-2007

That was fast--thanks.

I've installed it on a test wiki, and three of us were able to push the wiki fairly hard. There was one case of logout, but it was not reproducible, and on the whole the "2.4.101" version seems much more reliable than 2.4.100.

We hope to do a more rigorous stress test next week when we have more users available, but we're reasonably sure the bug's gone.

--Steve Dahl, 30-Mar-2007

Thanks for the quick response, let us wait until next week for a few more test results.

--HarryMetske, 30-Mar-2007

We ran further tests on this version. On 2.4.100, we could quickly reproduce the bug with four users working simultaneously. Today, with five users working for a longer session, no one was logged out even once.

We don't feel that further testing is going to increase our confidence in this fix. If you'd like us to run tests on a 2.4.100 wiki that has been instrumented to log the condition that 2.4.101 corrects, to show that we're encountering the same bug you've fixed, we'd be happy to do that. But at this point, we aren't planning to do further testing on the test wiki.

Thanks again for the fast response.

--Steve Dahl, 03-Apr-2007

Steve, Harry -- Janne and I had a little private e-mail exchange about this one. Glad to see that the .101 release fixes the issue.

--Andrew Jaquith, 03-Apr-2007

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 03-Apr-2007 05:38 by Andrew Jaquith.