IllegalStateException: VaadinServiceSession has already been set

I apologize in advance if this is a duplicate of another post. I couldn’t find a good answer to this issue so far.

I am developing an application using Vaadin 7.0.3 and Spring 3 integration. I have used the add-on available at http://vaadin.com/directory#addon/springvaadinintegration.

The application works fine when I log in for the first time or when I try refreshing it. However, when I try to log in to the application as the same or another user on the same machine but in a different browser, I get the following error:

javax.servlet.ServletException: java.lang.IllegalStateException: VaadinServiceSession has already been set. Old session: com.vaadin.server.VaadinSession@3a18cecd for Vaadin Application Servlet. New session: com.vaadin.server.VaadinSession@32b11287 for Vaadin Application Servlet.
com.vaadin.server.VaadinServlet.handleServiceException(VaadinServlet.java:580)
com.vaadin.server.VaadinServlet.service(VaadinServlet.java:343)
com.vaadin.server.VaadinServlet.service(VaadinServlet.java:201)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

I am running the application in development mode from within Eclipse. I have tried logging into the application from Firefox and IE simultaneously. I am using a custom VaadinServlet as suggested in the spring-vaadin integration. I have tried debugging it, and it would appear that for some reason a new session is not being created if I try logging in from another browser, either as the same user or a different one. Not only that, it also invalidates my first session, which I was able to log in to successfully.

I have been stuck on this issue for the last two days and have spent a lot of time trying to debug it and looking around for answers. Could somebody please let me know if they have come across this issue? Please let me know if I am doing or missing anything silly here.

Thanks

PS: Please let me know if you need any files from me for further information into this issue.

After some debugging, I got the solution to my problem. The issue was that when you use Spring with the default scope, the UI is created as a singleton. This would mean that when you try logging in again to the application in a different browser, the same instance of the UI will be attached to a different VaadinSession. This creates a problem because the same UI id cannot be used across sessions. Hence the IllegalStateException. In various posts I read earlier, it was indicated that the annotation @Scope should be used, but it didn’t seem to make any difference in my case. I had to explicitly set the scope to "session" for the beans in my context.

Also, note that just setting the scope for the UI bean alone is not sufficient. You have to set it for any bean that is a child of the main UI, e.g. a custom panel, layout, etc. Use the scope="session" attribute in your bean definitions. I am now moving on to implementing a container which is shared across sessions.
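The fix described above as a Spring XML context, with the default-scope definitions shown beside the session-scoped ones. This is an added example, not configuration from the original post; the bean ids and the `com.example.*` classes are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- BEFORE (hypothetical bean names): no scope attribute, so Spring
         uses the default singleton scope. Every browser session is handed
         the same UI instance and the same child components, so per-user
         UI state lives in one object shared by all users.

         <bean id="mainUI"      class="com.example.MainUI"/>
         <bean id="orderPanel"  class="com.example.OrderPanel"/>
         <bean id="mainLayout"  class="com.example.MainLayout"/>
    -->

    <!-- AFTER: one instance per HTTP session. The scope is set on the UI
         bean and on every component bean attached to it, because a
         singleton child would still be shared between users' UIs. -->
    <bean id="mainUI" class="com.example.MainUI" scope="session">
        <property name="layout" ref="mainLayout"/>
    </bean>

    <bean id="mainLayout" class="com.example.MainLayout" scope="session">
        <property name="orderPanel" ref="orderPanel"/>
    </bean>

    <bean id="orderPanel" class="com.example.OrderPanel" scope="session"/>

    <!-- Session scope is only available in a web-aware application
         context. When requests reach the application through a servlet
         other than Spring's DispatcherServlet (assumed here, since the
         post uses a custom VaadinServlet), register
         org.springframework.web.context.request.RequestContextListener
         in web.xml so the current request is bound to the thread. -->
</beans>
```

A quick check after the change is to log in from two browsers and confirm that each session resolves a different `mainUI` instance.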