Undertow - Session context lifecycle events should be observable from session scoped beans

[manovotn]

Fixes #46363

Contains a test with a reproducer and a draft of a fix.

I don't really like having to store the session like so but that's the only working solution I have found so far...

[mkouba]

So we need a thread local because at this point the ServletRequestContext.requireCurrent().getServletRequest()).getSession(true) returns null or a different session?

[manovotn]

A different session - with true it always creates a new one.
Plus if you try the same invocation with false (to see the session for which you just called session created callback), you will get null at this point 🤷
So we need some way to remember that we already created a session - at least that was my thinking.

[mkouba]

A different session - with true it always creates a new one.

That's weird, it should only create a new one if it does not exist, right? And given that it's called from jakarta.servlet.http.HttpSessionListener.sessionCreated(HttpSessionEvent) I would expect the session to exist...

[manovotn]

That's weird, it should only create a new one if it does not exist, right?

That is pretty much my yesterday thinking in a nutshell :)
Somehow, it ends up creating new session anyway.
You can debug this all the way to io.undertow.servlet.spec.ServletContextImpl#getSession where undertow tries to retrieve existing session first but I didn't manage to understand why it doesn't find it or whether it is right or wrong.

[manovotn]

I don't think we can crack this with our knowledge of servlet/undertow...
I've sent an email question to @fl4via who should hopefully know more about Undertow and how it should behave it this case.