hazelcast cluster with vertx when logout goes through infinite cycles

40 views
Skip to first unread message

fadel....@productionstmv.com

unread,
Feb 14, 2018, 8:57:59 AM2/14/18
to vert.x
Hi 

I have a strange problem with hazelcast cluster.

when logout RoutingContext.clearUser() is called in AuthHandle.authenticate then RoutingContext.reroute to restart the context is called but next it will still have the user assigned old value and it will go through the same cycle infinitely while working fine in none-clustered mode.


<code>
authProvider.authenticate(credentials, authResultHanlder -> {
   if (routingContext.user() != null) {
     routingContext.session().destroy();
     routingContext.removeCookie(SESSION_COOKIE_NAME);
     routingContext.clearUser();
     routingContext.reroute(routingContext.request().path()); // restart current Router. It will create new session
   } else {
      // assign new user and
      // authorize(...) 
      // routingContext.next
   }
});
</code>

this code is executed inside MyAuthHandlerImpl handle method

in cluster mode, the reroute will cause this method to be called again but user will still be assigned, so it will go into infinite loops of calling. 
while in normal mode, next call the user is gone and processing goes without any problem

for now to solve the problem I did this

routingContext.session().destroy();
routingContext.removeCookie(WebConfig.SESSION_COOKIE_NAME);
routingContext.clearUser();

if (routingContext.vertx()!=null && routingContext.vertx().isClustered()) { // checking routingContext.vertx()!=null is necessary for unit test
    routingContext.response().putHeader("Refresh", "0").end();
} else {
    routingContext.reroute(routingContext.request().path()); // restart current Router. It will create new session
}

but this is not ideal

any thoughts about this

P.S. my authentication handler is set like this

userSessHandler = UserSessionHandler.create(AuthProvider.newInstance(myAuthHandlerImpl))
router.route().handler(userSessHandler);
beside adding other handlers such as CorsHandler, cookieHandler,..


thanks

Paulo Lopes

unread,
Feb 15, 2018, 10:34:55 AM2/15/18
to vert.x
The issue here is that session invalidation is an async task and is not waiting for the confirmation from the backend storage so when reroute is called (which is a sync call to complicate things even further) then the previous update is not propagated properly.

This requires a proper design between reroute and sessions.

I suggest that you open an issue in vertx web so we can work on this.

fadel....@productionstmv.com

unread,
Feb 15, 2018, 11:21:31 AM2/15/18
to vert.x
Thank you for your reply.
I will open an issue at https://github.com/vert-x3/vertx-web/issues/ shortly

regards
  Tammam
Reply all
Reply to author
Forward
0 new messages