Push/atmosphere seems to restart an HTTP session on logoff/session end

I am trying manual push on Vaadin 7.2.5 and have noted that I seem to get an extra session started when we log off a user.

In logoff, we close the session and redirect to a logoff JSP that actually ends the HTTP session:

        VaadinSession.getCurrent().close();
        Page.getCurrent().setLocation(logoutUrl);

But I noted that I end up with a new session started. I tracked it down to a request like this triggering a new session to be created, which appears to come from the PUSH/atmosphere code (I throw the exception when a session is created so I can see where it was coming from) from the URL shown here:

DEBUG localRequestUrl: /demo/ui/PUSH/?v-uiId=0&v-csrfToken=35e857ae-21fb-436f-8d2f-b6e71e1dc310&X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=96a9a204-d5cb-4d45-9a3d-1fcf0fa7f7e3&_=1406493666398

java.lang.Throwable
    at com.esignforms.open.servlet.SessionListener.sessionCreated(SessionListener.java:49)
    at org.apache.catalina.session.StandardSession.tellNew(StandardSession.java:414)
    at org.apache.catalina.session.StandardSession.setId(StandardSession.java:386)
    at org.apache.catalina.session.StandardSession.setId(StandardSession.java:367)
    at org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:640)
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2801)
    at org.apache.catalina.connector.Request.getSession(Request.java:2170)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:895)
    at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)
    at org.atmosphere.cpr.AtmosphereRequest.getSession(AtmosphereRequest.java:749)
    at org.atmosphere.cpr.AsynchronousProcessor.action(AsynchronousProcessor.java:128)
    at org.atmosphere.cpr.AsynchronousProcessor.suspended(AsynchronousProcessor.java:95)
    at org.atmosphere.container.Servlet30CometSupport.service(Servlet30CometSupport.java:66)
    at org.atmosphere.cpr.AtmosphereFramework.doCometSupport(AtmosphereFramework.java:1802)
    at com.vaadin.server.communication.PushRequestHandler.handleRequest(PushRequestHandler.java:144)
    at com.vaadin.server.communication.PushRequestHandler.handleSessionExpired(PushRequestHandler.java:177)
    at com.vaadin.server.VaadinService.handleSessionExpired(VaadinService.java:1517)
    at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1418)
    at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:237)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:615)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:526)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:655)
    at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1523)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

DEBUG localRequestUrl: /demo/ui/PUSH/?v-uiId=0&v-csrfToken=35e857ae-21fb-436f-8d2f-b6e71e1dc310
DEBUG localRequestUrl: /demo/ui/PUSH/?v-uiId=0&v-csrfToken=35e857ae-21fb-436f-8d2f-b6e71e1dc310&X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=96a9a204-d5cb-4d45-9a3d-1fcf0fa7f7e3&_=1406493666397

(session is destroyed from my logoff.jsp)

(then this comes in immediately after and a new session is started)

DEBUG localRequestUrl: /demo/ui/PUSH/?v-uiId=0&v-csrfToken=35e857ae-21fb-436f-8d2f-b6e71e1dc310&X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=96a9a204-d5cb-4d45-9a3d-1fcf0fa7f7e3&_=1406493666398

Did you find a solution to this? I have been battling similar issues.

tomcat-8.0.28
java: 1.8.0_60
vaadin 7.5.7
atmosphere: 2.2.7 (vaadin runtime)

I have an application that uses push:

        @Push(value = PushMode.MANUAL, transport = Transport.LONG_POLLING)

When the session should auto end (15 minutes, set up in web.xml), it is being kept alive by atmosphere/push, with this in catalina.out:

Nov 28, 2015 10:18:18 PM com.vaadin.server.communication.AtmospherePushConnection disconnect
INFO: Timeout waiting for messages to be sent to client before disconnect

If you wait long enough after the logout is attempted, it will eventually log out; otherwise, on the UI you get the “session ended” message, click it, and you are relogged in.

I have a sessionDestroy method in the servlet and something like:

        VaadinService.getCurrentRequest().getWrappedSession().invalidate();

which is being called but not closing the atmosphere aspect.

Not entirely sure, but I think we “solved” this by doing something like this in our logout code…disabling push in all UIs and then separately ensuring each UI has the logout URL set (we adjust our URL based on whether the logoff was requested by the user or not so we can show different messages, but that’s not really part of this problem), and finally closing the session.

        // Hack to turn off PUSH on all UIs first. Doing it this way to try to avoid spurious PUSH sessions reactivating.
        for( final UI ui : VaadinSession.getCurrent().getUIs() ) {
            ui.access(new Runnable() {
                @Override
                public void run() {
                    ui.getPushConfiguration().setPushMode(PushMode.DISABLED);
                }
            });
        }

        // Force all UIs to be logged off when any UI logs off
        for( final UI ui : VaadinSession.getCurrent().getUIs() ) {
            ui.access(new Runnable() {
                @Override
                public void run() {
                    if ( ui instanceof EsfVaadinUI ) {
                        EsfVaadinUI vui = (EsfVaadinUI)ui;
                        vui.setLogoffUrlNormal();
                        vui.getPage().setLocation(logoutUrl); // set the logoff page before we close the session
                    }
                }
            });
        }

        VaadinSession.getCurrent().close();
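
A complementary server-side guard for the behaviour traced in the first post: a servlet filter that answers a late X-Atmosphere-Transport=close request itself when no live HTTP session exists, so the push handler cannot create a fresh session after logout. This is an added example, not code from the thread or from Vaadin/Atmosphere; the class name, the /ui/PUSH/* mapping and the premise that the client ignores the response to its close request are assumptions of this example.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter, not part of Vaadin or Atmosphere.
// Assumption: the Vaadin servlet is mapped at /ui/* inside the /demo context,
// as the /demo/ui/PUSH/ URLs in the debug log suggest.
// asyncSupported must be true because Atmosphere's Servlet30CometSupport calls
// startAsync() further down the chain.
@WebFilter(urlPatterns = "/ui/PUSH/*", asyncSupported = true)
public class StalePushCloseFilter implements Filter {

    private static final String CLOSE_MARKER = "X-Atmosphere-Transport=close";

    @Override
    public void init(FilterConfig config) {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String query = req.getQueryString();
        boolean isPushClose = query != null && query.contains(CLOSE_MARKER);

        // getSession(false) never creates a session; it returns null when the
        // session cookie is missing or refers to an invalidated session.
        if (isPushClose && req.getSession(false) == null) {
            // Nothing left to close. Answer here so the request never reaches
            // AtmosphereRequest.getSession(), which is where the trace shows
            // the new session being created.
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

A close request that arrives while the session is still valid passes through unchanged, so this only covers the request that lands after the logoff page has invalidated the session.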