tsegismont
commented
2 months ago I spent some time looking into this and here are my findings.
Calling Session.setAccessed in EventBusBrideImpl was added in #382 (Vert.x 3.3). It hasn't been documented nor tested. It leverages an implementation detail of the LocalSessionStore to extend the lifetime of a web Session: this store uses the last accessed time to determine if session data should be removed from memory.
Other session stores (clustered session store, Redis, Infinispan) use TTL attributes of the underlying storage to expire a session. The lifetime is only extended when a session is flushed.
A session is flushed after the HTTP response headers have been sent if:
- the session has been accessed using
RoutingContext#session, or - if the
sessionHandleris not configured for lazy session creation.
So, this behavior can be seen not only with the websocket transport but also with other transports, provided the session handler is lazy and the session is not accessed.
Note that raw WebSocket message exchanges (without SockJS) don't extend the lifetime of a web Session either.
I err on the side of closing this as won't fix. I would advise users who want to extend the lifetime of a session to make the browser send a request to the backend.
Thoughts @vietj @pmlopes ?
cgm-aw
Version
>= 4.5.0 (older are probably also affected)
Context
When using the SockJS event bus bridge, EventBusBridgeImpl#internalHandlePing keeps the web session alive by calling Session#setAccessed However this only works for a local session storage. ClusteredSessionStoreImpl does not honor Session#lastAccessed but rather uses the TTL feature of AsyncMap.
Do you have a reproducer?
Yes please check out https://github.com/cgm-aw/vertx-sessiontimeout-reproducer
Steps to reproduce
Please check out my reproducer, you can reproduce the issue and also see how the mechanism works fine with the local session storage.
Best regards