Hi, I have a problem with simultaneous requests from the same user with at least one record on AbpUserTokens expired. The client is an Angular 6 spa. When user press F5 to refresh the page (not in the login process), and multiple request are made to the host that is in not alread loaded in memory by IIS, IsTokenValidityKeyValidAsync is called many time and only the firt succeed while the others raise a concurreny error.
Every calls on uow commit try to delete the same expired records. It seems that the method ValidateToken on FrameworkJwtSecurityTokenHandler isn't multi thread safe.
We have recorded a video and produced some immages to better understand the issue. As you will see, 4 calls are made, but only the firt succeed because the others three try to delete the same record on database.
Image 001 show the table before page refresh, image 002 show the table after refresh and image 003 show the profiler with 4 same calls to delete that cause the error
So, how can we deal with this issue? Thank you.
Abp.Domain.Uow.AbpDbConcurrencyException HResult=0x80131500 Message=Database operation expected to affect 1 row(s) but actually affected 0 row(s). Data may have been modified or deleted since entities were loaded. See http://go.microsoft.com/fwlink/?LinkId=527962 for information on understanding and handling optimistic concurrency exceptions. Source=Abp.EntityFrameworkCore StackTrace: at Abp.EntityFrameworkCore.AbpDbContext.SaveChanges() at Abp.Zero.EntityFrameworkCore.AbpZeroCommonDbContext`3.SaveChanges() at Abp.EntityFrameworkCore.Uow.EfCoreUnitOfWork.SaveChangesInDbContext(DbContext dbContext) at Abp.EntityFrameworkCore.Uow.EfCoreUnitOfWork.SaveChanges() at Abp.EntityFrameworkCore.Uow.EfCoreUnitOfWork.CompleteUow() at Abp.Domain.Uow.UnitOfWorkBase.Complete() at Uno.Framework.Web.Authentication.JwtBearer.FrameworkJwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in C:\Uno\Git\uno-ins\framework\src\Uno.Framework.Web.Core\Authentication\JwtBearer\FrameworkJwtSecurityTokenHandler.cs:line 63 at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.
Inner Exception 1: DbUpdateConcurrencyException: Database operation expected to affect 1 row(s) but actually affected 0 row(s). Data may have been modified or deleted since entities were loaded. See http://go.microsoft.com/fwlink/?LinkId=527962 for information on understanding and handling optimistic concurrency exceptions.
Link to video: https://drive.google.com/open?id=1pdS7z4Wy74cr066bbQLwLwCXW45nU2RO
Abp 3.8.2 Asp.Net ~~Boilerplate~~ Zero 5.6.0
1 Answer(s)
-
0
Hi, @ivanosw1, thanks for reporting this.
i have created an issue at https://github.com/aspnetboilerplate/aspnetboilerplate/issues/4367
Meanwhile, if you need urgent fix, you can override the
IsTokenValidityKeyValidAsyncin your AbpUserStore to keep token removal.
