problems with session handling - HttpSession and a Session been created by Websockets

Question

i hope someone has an answer to my problem. In our gwt-webapp we use normally the HttpSession to create a user session. So if someone wants to log into our game, we set a session via HttpSession

public void setSessionID(String id) {HttpSession httpSession = getThreadLocalRequest().getSession(true); httpSession.setAttribute("id", id); }

The order of the views is: LoginView-> HomeView -> LobbyView

Now when going into the lobby, he will be connected with the chat via a websocket Connection. The problem now is, that the websocketConnection will also create a sessionObject i think. Testing the app on a jetty v-8.1.2.v20120308 shows:

if the first user log into the game and join directly the lobby with chatfunction and another user do it the same way, they can chat with each other- so everything looks fine...

but if the two users log into the game at the same time before someone joined the lobby, and then join the lobby, the second one who has entered the lobby gets all the parameters of the first user who has entered, so that there are both user with the same identity... dont know whats going wrong there. It seems that the websocketSession from the first user overrides the httpSession from the login of the second player... thanks for any solutions or ideas which problem this could might be.

Answer 1

This is a bug in Jetty which clear/destroy everything after the handshake. The solution is to close the session at that moment and wrap the request with that fake session. You can also use the Atmosphere Framework[1], which transparently fixes that for you (and much more.

-- Jeanfrancois

[1] https://github.com/Atmosphere/atmosphere