NPE while newSessionId creating in Jetty server


Recently we noticed an issue while using Openfire 4.6.0 Version.
Openfire server is up and when I tried to load a JSP hosted on the server all are loading perfectly. After a couple of days when I hit the same URL to load JSP it gave this exception.
Looking at the causeed by down at the bottom I see

at org.eclipse. jetty.server session.DefaultSessionIdManager .newSessionId( 234)

Openfire 4.6.0 is using Jetty-server 9.4.31.xx version. So from the Jetty-Server code the _random value in the DefaultSessionIdManager class is somehow set to null which ideally should happen when the Jetty server is down. Couldn’t find the root cause of this issue.
Finally, I did a restart of Openfire and this started working. Any thoughts on this issue much appreciated.

This reminds me of [OF-1534] - Ignite Realtime Jira but that issue should not be present in Openfire 4.6.0.

In any case, the version of Openfire that you’re using is old, and has a couple of very nasty security issues. I strongly suggest that you upgrade.

The URL that you’re using (pc2turret-mac-mapping.jsp) indicates that you’re running custom code. Without being able to investigate, it is hard to say, but from experience, many of these issues find their origin in custom code.

Thanks Guus for the reply.
I am using Openfire 4.6.0. We are planning to upgrade to 4.7.5 Openfire.

You are correct we are using a custom code. When the issue occurred we weren’t able to launch any jsp file hosted on the server. Fail in creating a new sessionId.

From the Jetty-Server change log noticed these two tickets most likely to this case

Given that I’ve not heard about this problem before, my guess is that it is somehow triggered by your custom code. Can you reproduce the problem without that custom code?