Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73785

In case of having Liferay installed in weblogic with cookies disabled and url with sessionId enabled, the jsessionid url parameter is truncated

    Details

    • Branch Version/s:
      7.0.x, 6.2.x
    • Backported to Branch:
      Committed
    • Story Points:
      1.25
    • Fix Priority:
      4
    • Application Servers:
      Oracle Weblogic Server 10.0, Oracle Weblogic Server 10.3, Oracle Weblogic Server 11g (10.3.1), Oracle Weblogic Server 11gR1 (10.3.x), Oracle Weblogic Server 12c (12.1.x), Oracle Weblogic Server 12c R2 (12.2.x)

      Description

      In case of having weblogic with cookies disabled and url with sessionId enabled:

      session.enable.persistent.cookies=false
      session.enable.url.with.session.id=true
      

      in all URLs, the generated jsessionid parameter is truncated from first "!", but we should not truncate it.

      Detailed explanation of bug:
      The jsessionid in weblogic has following format:

      JSESSIONID=SESSION_ID!PRIMARY_JVMID_HASH!SECONDARY_JVM_HASH!CREATION_TIME

      (more info, see: https://stackoverflow.com/questions/6429990/weblogic-jsessionid)

      Liferay truncates this identifier from first " ! " due some memory leak bugs (LPS-18587 and LPS-36492) so we are wrapping session object and always returning only the fragment up to first " ! " character.

      But the side effect of this solution is in case of deactivating cookies and enabling URL with sessionId, we are also truncating the jsessionId identifier, new requests to weblogic are losing the PRIMARY_JVMID_HASH and SECONDARY_JVM_HASH information.

      This is problematic for weblogic clusters because it is losing the routing information (hashes of primary and secondary server)

      Steps to reproduce

      1. Install Liferay in weblogic
      2. Configure in portal-ext.properties following properties:
        session.enable.persistent.cookies=false
        session.enable.url.with.session.id=true
        
      3. Start Liferay and click any link:
        • Expected behavior: Link has jsessionid parameter with "!" sections (for example: BBp9TAACMTglQ2TDFAKR4tpyXg73LZDQJ2PtT9x8htG1tWY122aa!869187422!1308677666322)
        • Wrong behavior: Link has jsessionid parameter without any "!" sections (for example: BBp9TAACMTglQ2TDFAKR4tpyXg73LZDQJ2PtT9x8htG1tWY122aa)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              lu.liu Lu Liu
              Reporter:
              jorge.diaz Jorge Diaz
              Participants of an Issue:
              Recent user:
              Csaba Turcsan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 13 weeks, 2 days ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 DXP FP28
                  7.0.X EE
                  7.0.4 CE GA5
                  7.1.X
                  Master