Fix websocket panics on session disconnect#2269
Open
jackmaninov wants to merge 1 commit intocortezaproject:2024.9.xfrom
Open
Fix websocket panics on session disconnect#2269jackmaninov wants to merge 1 commit intocortezaproject:2024.9.xfrom
jackmaninov wants to merge 1 commit intocortezaproject:2024.9.xfrom
Conversation
Fixes multiple race conditions and error handling issues in websocket session management that caused panics during unauthenticated visitor access and login redirects. Changes: - Add nil checks in read() and write() after acquiring lock to prevent nil pointer dereference when disconnect() races with read/write - Return net.ErrClosed from errHandler() for close errors to prevent read loop spinning (~1000 iterations before panic) - Check context in Write() before sending to detect disconnecting session - Add atomic.Bool closed flag to session, checked before channel send to prevent "send on closed channel" panics - Handle additional expected close codes (1005, 1006) and "close sent" error to suppress noisy error logs during normal disconnection Fixes cortezaproject#2223 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Author
|
Not sure if you have an AI generated code policy, but this was done supervised and tested on my production environment. |
Member
|
If the code is good and resolves the issue, then it will be accepted. Thanks for contributing. |
|
Stale pull request message |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes multiple race conditions and error handling issues in websocket session management that caused panics during unauthenticated visitor access and login redirects.
Problem
When unauthenticated users connect via WebSocket (e.g., during redirect from base URL to login page), several issues can occur:
disconnect()setsconn = nilwhileread()/write()operations are pending, causing panic when they try to use the connectionerrHandler()returnednilfor close errors, causing the read loop to continue instead of exiting. After ~1000 iterations, gorilla/websocket triggers a safety panicWrite()could attempt to send tos.sendchannel afterdisconnect()closed itChanges
read()andwrite()after acquiring lock to prevent nil pointer dereferencenet.ErrClosedfromerrHandler()for close errors to exit read/write loops cleanlyatomic.Boolclosed flag to session, set before closing channels indisconnect()Write()before attempting channel senderrHandler()Testing
Fixes #2223