I upgraded Struts from version 2.3 to 6.0. It builds successfully, but when I try to log in to the application I get
UT000010: Session is invalid HubC5VAM4TUaSwQgPtLbbmAEXTAZii0VTrfXfNJw
in the browser.
I am using WildFly 24 + Struts 6.0.
Error stack:
1:21:41,611 INFO [stdout] (default task-1) 2024-02-19 01:21:41,602 ERROR [org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler] Exception occurred during processing request: UT000010: Session is invalid HubC5VAM4TUaSwQgPtLbbmAEXTAZii0VTrfXfNJw
01:21:41,611 INFO [stdout] (default task-1) java.lang.IllegalStateException: UT000010: Session is invalid HubC5VAM4TUaSwQgPtLbbmAEXTAZii0VTrfXfNJw
01:21:41,611 INFO [stdout] (default task-1) at io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:519) ~[undertow-core-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,611 INFO [stdout] (default task-1) at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,611 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.SessionMap.get(SessionMap.java:157) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,611 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.SessionMap.put(SessionMap.java:175) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at org.apache.struts2.interceptor.csp.DefaultCspSettings.associateNonceWithSession(DefaultCspSettings.java:90) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at org.apache.struts2.interceptor.csp.DefaultCspSettings.addCspHeaders(DefaultCspSettings.java:78) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at org.apache.struts2.interceptor.csp.CspInterceptor.beforeResult(CspInterceptor.java:49) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:274) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at com.ge.hca.torch.presentation.securityfilter.TorchTokenSessionStoreInterceptor.doIntercept(TorchTokenSessionStoreInterceptor.java:176) ~[classes:?]
01:21:41,612 INFO [stdout] (default task-1) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,612 INFO [stdout] (default task-1) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.factory.StrutsActionProxy.execute(StrutsActionProxy.java:48) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:637) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:140) ~[struts2-core-6.0.0.jar:6.0.0]
01:21:41,613 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,613 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,613 INFO [stdout] (default task-1) at com.ge.hca.torch.presentation.securityfilter.SqlInjectionAndXSSFilter.doFilter(SqlInjectionAndXSSFilter.java:79) ~[classes:?]
01:21:41,613 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at com.ge.hca.torch.presentation.securityfilter.AccessFilter.doFilter(AccessFilter.java:86) ~[classes:?]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.17.1.jar:2.17.1]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,614 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) ~[?:?]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.2.8.Final.jar!/:2.2.8.Final]
01:21:41,615 INFO [stdout] (default task-1) at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.2.8.Final.jar!/:2.2.8.Final]
This is my login action code:

    if (null == mode)
    {
        HttpSession session = getServletRequest().getSession(false);
        log.debug(session + "" + getServletRequest().getSession(false));
        if (null != session)
        {
            session.invalidate();
        }
        // removed from above if condition during migration of struts2 as struts1 session was created in locale settings
        session = getServletRequest().getSession(true);
    }
    userVO = (UserVO) getSessionObject(getServletRequest(), TorchConstants.GLOBAL_USERINFO_KEY);

This is the session code from the login action's parent class:

    protected Object getSessionObject(HttpServletRequest req, String attrName) {
        HttpSession httpSession = null;
        httpSession = req.getSession(false);
        Object obj = null;
        if (null != httpSession) {
            obj = httpSession.getAttribute(attrName);
        }
        return obj;
    }

I don't understand how to handle this situation.

You are not allowed to use an old session after it was invalidated. In the action you have invalidated an HTTP session. It is a servlet session object, which should be avoided in a typical Struts2 application. Instead you should use a SessionMap. Then you continued to reuse an old session which was kept in the SessionMap when beforeResult is executed. You also didn't update the Struts2 action context that keeps a SessionMap object.
If your action class implements SessionAware then a session map is injected into the action instance. If you use the reference then it should also be updated. If you use ActionContext then update the action context.
If you create a new SessionMap object then a new HTTP session will be initialized inside, but you lose attributes from the old session.
If you want to know how to renew a SessionMap that will use a new HTTP session and transfer the old session attributes, then see the answer to "Struts 2 session invalidation with setting request session to a new session".
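
An added example, not part of the original answer and not Struts' own code: one way to renew the session at login through the injected SessionMap, so that the map the CSP interceptor writes to in `beforeResult` no longer points at the invalidated HTTP session. The class name `LoginAction` and the key `LOCALE_KEY` are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.struts2.dispatcher.SessionMap;
import org.apache.struts2.interceptor.SessionAware;

import com.opensymphony.xwork2.ActionSupport;

// Hypothetical action: renews the session at login through Struts' SessionMap
// instead of calling HttpSession.invalidate() on the servlet session directly.
public class LoginAction extends ActionSupport implements SessionAware {

    // Assumed attribute name, standing in for the application's own keys.
    private static final String LOCALE_KEY = "constructed.locale.key";

    private Map<String, Object> session;

    @Override
    public void setSession(Map<String, Object> session) {
        // Struts injects the session map held by the ActionContext, which is
        // the map the stack trace shows SessionMap.put() being called on.
        this.session = session;
    }

    @Override
    public String execute() {
        // Copy only the attributes that must survive the renewal.
        Map<String, Object> carried = new HashMap<>();
        if (session.containsKey(LOCALE_KEY)) {
            carried.put(LOCALE_KEY, session.get(LOCALE_KEY));
        }

        // Invalidate through the SessionMap so it drops its reference to the
        // old HttpSession; a raw HttpSession.invalidate() leaves that
        // reference stale and the next get()/put() fails with UT000010.
        if (session instanceof SessionMap) {
            ((SessionMap) session).invalidate();
        }

        // The next put() makes the SessionMap create a fresh HttpSession
        // and store the carried attributes in it.
        session.putAll(carried);
        return SUCCESS;
    }
}
```

Helper methods that read attributes, such as `getSessionObject` in the question, should go through the same map after the renewal rather than through a cached `HttpSession` reference.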