Hi, I have bug https://bz.apache.org/bugzilla/show_bug.cgi?id=48007 on recent tomcats.
To reproduce one must: - use PersistentManager in global context.xml - have an object in session only available through a webapp class loader - wait for manager backgroundProcess to call PersistentManagerBase.processExpires > Storebase.processExpires (by default, 6 * 10 seconds) => it fails to unserialize, and removes the session from FileStore. My technical understanding of the issue: getObjectInputStream() is using Thread.currentThread().getContextClassLoader() which is set in FileStore.load() using current Context classLoader This is ok when called by manager.findSession(...) , but Storebase.processExpires() is using current context => it is ok when PersistentManager is in the application specific context.xml => it is wrong when PersistentManager is in global context.xml One can workaround the issue by moving <PersistentManager> from global context.xml to webapp context.xml , as explained here : https://dev.wicket.apache.narkive.com/KXmPFrnQ/problems-with-tomcat-session-persistence-classnotfoundexception-of-secondlevelcachesessionstore If you use PersistentValve, another workaround is to use <Manager processExpiresFrequency="9999999"> + an external cron. Stacktrace with tomcat 9: SEVERE [Catalina-utility-3] org.apache.catalina.session.StoreBase.processExpires Error processing session expiration for key [xxx] java.lang.ClassNotFoundException: org.springframework.security.core.context.SecurityContextImpl at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1339) at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1148) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Unknown Source) at org.apache.catalina.util.CustomObjectInputStream.resolveClass(CustomObjectInputStream.java:149) at java.base/java.io.ObjectInputStream.readNonProxyDesc(Unknown Source) at java.base/java.io.ObjectInputStream.readClassDesc(Unknown Source) at java.base/java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.base/java.io.ObjectInputStream.readObject0(Unknown Source) at java.base/java.io.ObjectInputStream.readObject(Unknown Source) at java.base/java.io.ObjectInputStream.readObject(Unknown Source) at org.apache.catalina.session.StandardSession.doReadObject(StandardSession.java:1268) at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.java:846) at org.apache.catalina.session.FileStore.load(FileStore.java:203) at org.apache.catalina.session.StoreBase.processExpires(StoreBase.java:138) at org.apache.catalina.session.PersistentManagerBase.processExpires(PersistentManagerBase.java:409) at org.apache.catalina.session.ManagerBase.backgroundProcess(ManagerBase.java:595) at org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:4823) .......... It would be nice in my use-cases to be able to configure globally PersistentManager. It would be enough for us to have an option to disable Storebase.processExpires(), but it may be somewhat ugly... cu Pascal Rigaux. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
