Session timeout in 3.5.2.1

Linda Toth

Oct 25, 2016, 5:14:59 PM
to CAS Community
Good afternoon,

I am not clear how session timeouts are handled in 3.5.2.1.  In 3.4.2.1, I set the web session timeout in the web.xml file:

<session-config>
        <!-- Default to 5 minute session timeouts -->
        <session-timeout>15</session-timeout>
</session-config>


However, I am not configuring the session appropriately in 3.5.2.1.  I see this message in the logs for most users: 

Terminate web session <session ID> in 2 seconds.  

But, on occasion we have a situation where a user is successfully logged in, but the session has expired and they receive a Successful login message rather than the target URL.  If they happen to hit the back arrow or enter the target URL again, they are presented with the desired web page.  When this situation occurs, the following can be found in the logs:

2016-10-25 12:39:36,327 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - Terminate web session F6D5FDEA46AA09CA982282659B71716E in 2 seconds
2016-10-25 12:39:36,328 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - Error getting service from flow state.
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContextImpl.java:134)
        at org.jasig.cas.web.support.WebUtils.getService_aroundBody8(WebUtils.java:87)
        at org.jasig.cas.web.support.WebUtils.getService_aroundBody9$advice(WebUtils.java:57)
        at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:1)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionListener.java:62)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSessionListener.java:57)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted(TerminateWebSessionListener.java:1)
        at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListeners.java:126)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:367)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225)
        at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)


After which a normal ticket exchange is recorded for the user:

2016-10-25 12:39:49,568 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: https://beistest.alaska.edu:443/ssomanager/c/SSB
2016-10-25 12:39:49,569 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-1-sifew2ENTApO9awep7SyggYOSKUNBTOuSwJivhWbBsf4fiptC2-cas-test.alaska.edu]
2016-10-25 12:39:49,569 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [TGT-1-sifew2ENTApO9awep7SyggYOSKUNBTOuSwJivhWbBsf4fiptC2-cas-test.alaska.edu] found in registry.


What have I missed in the configuration?

Linda


Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775

Ray Bon

Oct 25, 2016, 6:22:22 PM
to cas-...@apereo.org
Linda,

We also received this same log message. I tried a lot of different timeouts but nothing seemed to affect its generation. The message will show up whether the login session is new, in progress or complete. It never affected the user experience. I eventually just set logging so that it would not be displayed.
If the generic success page is shown instead of the intended service, perhaps the service is not sending the URL when calling CAS (cas/login?service=...).

Ray
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C023 | rb...@uvic.ca

Linda Toth

Oct 25, 2016, 6:43:31 PM
to Ray Bon, CAS Community
Ray,

Thanks for eliminating the message as being an indicator of anything that might be affecting the outcome.  

I think it must be a timing issue if the CAS service is not sending the URL in time, especially since the hoped-for URL will show up by hitting the back arrow.  It is in the works somewhere.

I do think the web session is terminating before all of the exchanges are complete, but I don't know where to set it so the web session lingers for a while.  Our systems are not blazing fast at times.

Linda
