Vaadin 8.8.0 and Jetty 9.4 incompatibility

[padisah]

Vaadin Framework version : 8.8.0 embedded Jetty Version: 9.4.18.v20190429 I also set up: (manually enforce use of Jetty93AsyncSupportWithWebSocket)

ApplicationConfig.PROPERTY_SESSION_SUPPORT = true ApplicationConfig.PROPERTY_ALLOW_SESSION_TIMEOUT_REMOVAL =true ApplicationConfig.PROPERTY_COMET_SUPPORT, = org.atmosphere.container.Jetty93AsyncSupportWithWebSocket"

• Actual behavior Right after loading a page, with WebSocket switched up, Vaadin server responds with Session Expired. No delays, the first push with the protocol upgrade to websocket immediatly has the Session Timout error message.

• Expected behavior Continue push operations using Websocket

Minimal reproducible example: a repo that reproduces the problem: https://github.com/padisah/vaadin-jetty94-failure/

Reason of problem: Jetty 9.3 -> 9.4 version change had a breaking change. They started treating Websocket session NOT as an HttpSession but a different session implementation for websockets. This new implementation doesn't provide JSESSIONID anymore.

Atmosphere has suffered from that change, so they had a fix over that, but Vaadin still tries to look up the HttpSession from the websocket upgraded connection's request.

PushHandler.class line 205 `
private void callWithUi(final AtmosphereResource resource, final PushEventCallback callback, boolean websocket) { AtmosphereRequest req = resource.getRequest(); VaadinServletRequest vaadinRequest = new VaadinServletRequest(req, service); VaadinSession session = null; if (websocket) { // For any HTTP request we have already started the request in the // servlet service.requestStart(vaadinRequest, null); } try { try { session = service.findVaadinSession(vaadinRequest); // here pushandler starts looking up an HttpSession

` above call continues to:

line 949, VaadinService.getWrappedSession

Switching to JSR356AsyncSupport instead starts the application, but the log is constantly filled with error messages realted to failed push operations, and it actually fails with a higher load when multiple browsers need to get pushes frequently. I would rather use a jetty-specific websocket implementation.

references: https://vaadin.com/forum/thread/17053341/session-immediately-expires-after-upgrade-jetty-server-to-9-4-6

https://github.com/Atmosphere/atmosphere/issues/2241

[TatuLund]

The linked Forum discussion is also linked to this issue: https://github.com/vaadin/framework/issues/10898

[swimmesberger]

We are facing the same issue when using the org.apache.felix.http.jetty 4.x.x versions (Jetty 9.4.x) Vaadin Push with Websocket is not working correctly (Session Expired) but if org.apache.felix.http.jetty 3.x.x (Jetty 9.3.x) is used it works as expected.

[padisah]

please take a looke at this: https://github.com/padisah/vaadin-jetty94-failure/tree/JSR356WebsocketInitializer

this one is working with vaadin 8.8.0 and jetty 9.4.x, using JSR356WebsocketInitializer

[swimmesberger]

We would prefer using jetty native without JSR356 because settings up JSR356 in our OSGi environment is pretty tedious.

[padisah]

well, it was tedious with Guice as well ;) If you find a solution, pls give some direction to followers here

[padisah]

I think Jetty93AsyncSupportWithWebSocket is the highest version for jetty support, and as name implies it's 9.3, so we need to wait until Vaadin guys create a Jetty94AsyncSupportWithWebSocket.