> I set the web.xml session-timeout to -1 (infinite)... > This morning our CAS instance was down due to an OutOfMemoryException > (OOME)
OOM would be the expected behavior for setting an infinite session timeout. You have effectively instructed the servlet container to never reclaim memory for abandoned sessions, which would be expected to produce OOM after a period of time that is a function of authentications/sec and memory capacity. > I’m wondering if leaving sessions alive too long is exposing a memory leak > somewhere in CAS (I’m on 3.5.2.1)? You haven't uncovered a memory leak, you have produced one by fairly drastic choice of configuration. There is simply no use case for infinite session timeouts. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
