Null session scope when attempting to update the last visit

Description

This seems to occur only when a session has been established but then a page is visited after the session expiration. In this case, I was testing some apps, switched contexts to address a BL bug and then this error appeared when I came back a half our later and refreshed the page.

java.lang.NullPointerException: Cannot invoke "ortus.boxlang.runtime.scopes.SessionScope.put(ortus.boxlang.runtime.scopes.Key, Object)" because "this.sessionScope" is null
	at ortus.boxlang.runtime.application.Session.updateLastVisit(Session.java:132)
	at ortus.boxlang.runtime.application.Session.start(Session.java:145)
	at ortus.boxlang.runtime.application.BaseApplicationListener.initializeSession(BaseApplicationListener.java:443)
	at ortus.boxlang.runtime.application.BaseApplicationListener.createOrUpdateSessionManagement(BaseApplicationListener.java:336)
	at ortus.boxlang.runtime.application.BaseApplicationListener.defineApplication(BaseApplicationListener.java:256)
	at ortus.boxlang.runtime.services.ApplicationService.createApplicationListener(ApplicationService.java:300)
	at ortus.boxlang.runtime.context.RequestBoxContext.loadApplicationDescriptor(RequestBoxContext.java:214)
	at ortus.boxlang.web.WebRequestExecutor.execute(WebRequestExecutor.java:75)
	at ortus.boxlang.servlet.BoxLangServlet.service(BoxLangServlet.java:114)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at org.cfmlprojects.regexpathinfofilter.RegexPathInfoFilter.doFilter(RegexPathInfoFilter.java:54)
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at runwar.undertow.SSLCertHeaderHandler.handleRequest(SSLCertHeaderHandler.java:161)
	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:175)
	at io.undertow.server.handlers.HttpContinueReadHandler.handleRequest(HttpContinueReadHandler.java:69)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at runwar.undertow.WelcomeFileHandler.handleRequest(WelcomeFileHandler.java:49)
	at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:104)
	at runwar.undertow.SiteDeployment$1.handleRequest(SiteDeployment.java:164)
	at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:141)
	at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:141)
	at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113)
	at io.undertow.server.handlers.DisallowedMethodsHandler.handleRequest(DisallowedMethodsHandler.java:62)
	at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113)
	at io.undertow.server.handlers.encoding.EncodingHandler.handleRequest(EncodingHandler.java:72)
	at runwar.undertow.LifecyleHandler.handleRequest(LifecyleHandler.java:143)
	at runwar.undertow.SiteDeployment$4.handleRequest(SiteDeployment.java:354)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:395)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:854)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449)
	at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
	at java.base/java.lang.Thread.run(Thread.java:1583)

Activity

Show:

Brad WoodJanuary 11, 2025 at 5:44 AM

We can put in defensive coding, but I’m afraid it may just cover up the real problem. I want to know why the sessionsCache.getOrSet() call in the Appication.getOrCreateSession() method returned a shutdown session in the first place. It would appear invalid sessions are getting left in the cache in the first place.

Jon ClausenJanuary 10, 2025 at 8:37 PM

We probably just need some defensive coding to restart or rotate it, if it’s not in a usable state.

Jon ClausenJanuary 10, 2025 at 8:37 PM

From what I can see the session was in the cache, still, but it had been shutdown.

Luis MajanoJanuary 10, 2025 at 8:07 PM

Seems weird, since the at ortus.boxlang.runtime.application.BaseApplicationListener.initializeSession(BaseApplicationListener.java:443) should have initialized the session if it didn’t exist in cache. Thoughts?

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details
Assignee
Luis Majano
Reporter
Jon Clausen
Fix versions
1.0.0-Beta26
Priority
Major

Sentry

Created January 10, 2025 at 6:59 PM

Updated January 14, 2025 at 9:56 PM

Resolved January 14, 2025 at 9:56 PM

Configure

Null session scope when attempting to update the last visit

Description

Activity

Brad WoodJanuary 11, 2025 at 5:44 AM

Jon ClausenJanuary 10, 2025 at 8:37 PM

Jon ClausenJanuary 10, 2025 at 8:37 PM

Luis MajanoJanuary 10, 2025 at 8:07 PM

DetailsAssigneeLuis MajanoLuis MajanoReporterJon ClausenJon ClausenFix versions1.0.0-Beta26PriorityMajor

Details

Assignee

Reporter

Fix versions

Priority

Sentry Linked Issues

Sentry

Details
Assignee
Luis Majano
Reporter
Jon Clausen
Fix versions
1.0.0-Beta26
Priority
Major

Sentry