-1

i want to know what is __flexSession attribute in httpsession. Working on an application front is flex, wildfly10 is application server and back end is java. HttpSession has an attribute with name of __flexSession, which has HttpFlexSession object.which seems clone of HttpSession.After invalidation of HttpSession whenever I invalidate HttpFlexSession I got this exception. java.lang.IllegalStateException: WFLYCLWEBUT0001: Session KvLvpquLBKMYJ_APyZ6jzxhenh3cRIjoZtHkdAf3 is invalid at org.wildfly.clustering.web.undertow.session.DistributableSession.validate(DistributableSession.java:55) at org.wildfly.clustering.web.undertow.session.DistributableSession.getAttribute(DistributableSession.java:142) at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122) at com.os.sp.web.servlet.SessionInvalidateServlet.doPost(SessionInvalidateServlet.java:58) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

user3311231
  • 33
  • 1
  • 8
  • HttpSession session = request.getSession(false); – user3311231 Feb 28 '18 at 06:54
  • HttpSession session = request.getSession(false); HttpFlexSession flexSession = (HttpFlexSession)session.getAttribute("__flexSession"); session.invalidate(); flexSession.invalidate(); – user3311231 Feb 28 '18 at 07:00
  • I'd say an internal attribute that you're **not** supposed to be touching. Why do you want to invalidate it anyway, isn't the HTTP session enough? – Kayaman Feb 28 '18 at 07:08
  • Ok it is internal.It’s also a session type of HttpFlexSession. If I will not invalidate it when this session will be invalidated. – user3311231 Feb 28 '18 at 07:36
  • This problem is resolved "__flexSession" is auto created attribute it contains a session which is replica of main session (parent session). If you will invalidate the session it will automatically invalidate the session contain by "__flexSession" attribute. If you will invalidate the session contain by "__flexSession" attribute it will invalidate its parent also. It’s just a theory but the problem is how you can ensure both sessions are invalidated. So to overcome this doubt solution is first of all isolate both sessions to each other than invalidate one by one as – user3311231 Mar 07 '18 at 11:59
  • HttpFlexSession flexSession = (HttpFlexSession) session.getAttribute("__flexSession"); session.removeAttribute("__flexSession"); session.invalidate(); if(flexSession !=null && flexSession.isValid()) flexSession.invalidate( ); – user3311231 Mar 07 '18 at 12:00

1 Answers1

0

This problem is resolved "__flexSession" is auto created attribute it contains a session which is replica of main session (parent session). If you will invalidate the session it will automatically invalidate the session contain by "__flexSession" attribute. If you will invalidate the session contain by "__flexSession" attribute it will invalidate its parent also. It’s just a theory but the problem is how you can ensure both sessions are invalidated. So to overcome this doubt solution is first of all isolate both sessions to each other than invalidate one by one as

user3311231
  • 33
  • 1
  • 8
  • HttpFlexSession flexSession = (HttpFlexSession) session.getAttribute("__flexSession"); session.removeAttribute("__flexSession"); session.invalidate(); if(flexSession !=null && flexSession.isValid()) flexSession.invalidate( ); – user3311231 Mar 07 '18 at 12:02