cas, springboot, spring-session, session-jdbc, and embedded Tomcat，The request object has been recycled and is no longer associated with this facade

[songfeiyue]

Describe the bug I am using the spring-session solution: cas-server, springboot, spring-session, session-jdbc, and embedded Tomcat, which integrates spring-session and session-jdbc. -Dorg.apache.catalina.connector.RECYCLE_FACADES=true is configured for Tomcat, However, an exception occurs when the CAS invokes the client service to destroy the ticket during logout. If the -Dorg.apache.catalina.connector.RECYCLE_FACADES=false is disabled, the exception is normal. The exception is org.springframework.session.web.http.SessionRepositoryFilter.SessionRepositoryRequestWrapper.HttpSessionWrapper#invalidate setCurrentSession(null) . When setCurrentSession(null) is executed, the program invokes org.springframework.session.web.http.SessionRepositoryFilter.SessionRepositoryRequestWrapper#setCurrentSession to remove the CURRENT_SESSION_ATTR attribute of SessionRepositoryRequestWrapper. The removal instruction is executed to org.apache.catalina.connector.RequestFacade#removeAttribute, and the request attribute is empty. Therefore, an exception is thrown, the session fails to be destroyed. The exception details are as follows: [https-jsse-nio-172.18.1.36-17101-exec-2]2021-04-16 11:26:31.685 [DEBUG] | Error invalidating session*****#*#***** | org.jasig.cas.client.session.SingleSignOutHandler.destroySession(SingleSignOutHandler.java:286) java.lang.IllegalStateException: The request object has been recycled and is no longer associated with this facade at org.apache.catalina.connector.RequestFacade.removeAttribute(RequestFacade.java:549) ~[tomcat-embed-core-9.0.40.jar:9.0.40] at javax.servlet.ServletRequestWrapper.removeAttribute(ServletRequestWrapper.java:266) ~[tomcat-embed-core-9.0.40.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.removeAttribute(ServletRequestWrapper.java:266) ~[tomcat-embed-core-9.0.40.jar:4.0.FR] at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.setCurrentSession(SessionRepositoryFilter.java:240) ~[spring-session-core-2.2.0.RELEASE.jar:2.2.0.RELEASE] at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.access$800(SessionRepositoryFilter.java:192) ~[spring-session-core-2.2.0.RELEASE.jar:2.2.0.RELEASE] at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper.invalidate(SessionRepositoryFilter.java:385) ~[spring-session-core-2.2.0.RELEASE.jar:2.2.0.RELEASE] at org.jasig.cas.client.session.SingleSignOutHandler.destroySession(SingleSignOutHandler.java:284) [cas-client-core-3.6.0.jar:3.6.0] at org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:196) [cas-client-core-3.6.0.jar:3.6.0] at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:93) [cas-client-core-3.6.0.jar:3.6.0] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.40.jar:9.0.40] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.40.jar:9.0.40] at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:141) [spring-session-core-2.2.0.RELEASE.jar:2.2.0.RELEASE] at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82) [spring-session-core-2.2.0.RELEASE.jar:2.2.0.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.40.jar:9.0.40] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.40.jar:9.0.40] To Reproduce Steps to reproduce the behavior.

Expected behavior Expected result: After RECYCLE_FACADES is enabled, the logout function is normal.

Sample I can't provide a sample.