null session ID remains in session list in case of disconnect while session is being established

[zarv1k]

Hi guys!

First of all I wanna thank you for the great library.
I'm using crossbar in our project and from time to time I'm experiencing the issue with session ID=null.
The issue can be reproduced with crossbar router using dynamic async authenticator.

When a client tries to connect to router which is using dynamic async authenticator and disconnects almost immediately during the session establishment process I see the following unhandled error in crossbar logs:

crossbar_1  | 2018-04-12T14:38:45+0000 [Controller      1] Local node configuration applied successfully!
crossbar_1  | 2018-04-12T14:38:51+0000 [Router         18] Unhandled error in Deferred:
crossbar_1  | 2018-04-12T14:38:51+0000 [Router         18] 
crossbar_1  | Traceback (most recent call last):
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/autobahn/wamp/protocol.py", line 791, in onMessage
crossbar_1  |     txaio.resolve(on_reply, msg.args[0])
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/txaio/tx.py", line 456, in resolve
crossbar_1  |     future.callback(result)
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/twisted/internet/defer.py", line 459, in callback
crossbar_1  |     self._startRunCallbacks(result)
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/twisted/internet/defer.py", line 567, in _startRunCallbacks
crossbar_1  |     self._runCallbacks()
crossbar_1  | --- <exception caught here> ---
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/twisted/internet/defer.py", line 653, in _runCallbacks
crossbar_1  |     current.result = callback(current.result, *args, **kw)
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/crossbar/router/session.py", line 449, in success
crossbar_1  |     welcome(res.realm, res.authid, res.authrole, res.authmethod, res.authprovider, res.authextra, custom)
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/crossbar/router/session.py", line 397, in welcome
crossbar_1  |     custom=custom)
crossbar_1  |   File "/usr/local/lib/python3.6/site-packages/autobahn/wamp/message.py", line 719, in __init__
crossbar_1  |     assert(type(session) in six.integer_types)
crossbar_1  | builtins.AssertionError: 

After that the session with ID=null remains in crossbar.
I've created repo for reproducing the issue in an easy way. Please take a look at your earliest convenience.

crossbar.io version: 18.3.1

Thank you.

P.S. I think that it is not the only one case (on the challenge stage I mean) when this issue occurs. It's just the case that I was able to reproduce.

[oberstet]

Thanks for the nice words! Help spread the word;) Also thx for the detail report: this could point to a race condition when the authenticator actually runs async, and hence it might return later when the session was destroyed in the meantime, and hence the session ID will be cleared. then of course, when the authenticator returns, and tries to send a WELCOME message, that blows up, because the session ID is gone in the meantime.

if that above theory is true, a fix should check for that by adding a if self._pending_session_id: ... else: log.warn("pending session was lost in the meantime ..") guard before this line https://github.com/crossbario/crossbar/blob/master/crossbar/router/session.py#L423