Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

State can be shared cross different websockets #157

Open
asvetin opened this issue Nov 8, 2024 · 2 comments
Open

State can be shared cross different websockets #157

asvetin opened this issue Nov 8, 2024 · 2 comments

Comments

@asvetin
Copy link

asvetin commented Nov 8, 2024

This implementation can cause issues and inconsistency. As ServerEndpointConfig is shared across different WebSockets.
It can happen that 2 WebSockets/Sessions will have the same ID

iris-router/src/main/java/org/iris_events/router/ws/WsContainerConfigurator.java

Lines 19 to 25 in 459b8e2

public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
String irisSessionId = UUID.randomUUID().toString();
sec.getUserProperties().put(IRIS_SESSION_ID_HEADER, irisSessionId);
response.getHeaders().put(IRIS_SESSION_ID_HEADER, List.of(irisSessionId));
sec.getUserProperties().put("headers", request.getHeaders());
}

This issue is propagated forward here using EndpointConfig, which is also shared across the requests

iris-router/src/main/java/org/iris_events/router/ws/SocketV1.java

Lines 96 to 100 in 459b8e2

public void onOpen(Session session, EndpointConfig conf) {
try {
final var irisSessionId = (String) conf.getUserProperties().get(IRIS_SESSION_ID_HEADER);
MDC.put(MDCProperties.SESSION_ID, irisSessionId);

@ctomc ctomc mentioned this issue Dec 5, 2024
Merged
@asvetin
Copy link
Author

asvetin commented Dec 9, 2024

@ctomc I think we need to check and fix this one also

iris-router/src/main/java/org/iris_events/router/model/UserSession.java

Lines 97 to 105 in bf37b38

public UserSession(ObjectMapper objectMapper, Session session, Map<String, List<String>> headers) {
this.objectMapper = objectMapper;
this.session = Objects.requireNonNull(session);
this.socketId = (String) session.getUserProperties().get(IRIS_SESSION_ID_HEADER);
this.anonymousUserId = generateAnonymousUserId(socketId);
this.userId = anonymousUserId;
this.anonymous = true;
this.connectedAt = Instant.now();

Once this is called, null is returned

iris-router/src/main/java/org/iris_events/router/model/UserSession.java

Lines 110 to 114 in bf37b38

}
public String getId() {
return socketId;
}

So I guess we have to pass the session ID here

iris-router/src/main/java/org/iris_events/router/ws/SocketV1.java

Lines 120 to 125 in bf37b38

Log.infof("Web socket opened.");
var userSession = websocketRegistry.startSession(session, headers);
conf.getUserProperties().put("user-session", userSession);

@ctomc
Copy link
Member

ctomc commented Dec 9, 2024

You are correct, that needs fixing

@ctomc ctomc mentioned this issue Dec 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ctomc @asvetin