Bogdan Flueras created SHIRO-399:
------------------------------------
Summary: Memory leak for invalid sessions
Key: SHIRO-399
URL: https://issues.apache.org/jira/browse/SHIRO-399
Project: Shiro
Issue Type: Bug
Affects Versions: 1.2.1
Reporter: Bogdan Flueras
Have a session and wait till gets invalidated via logout/expiration.
In a SessionListener implementation for the session the client code can try to
clean-up the session (what I originally did: session.removeAttributes() but
doing so throws an InvalidSessionException because the session is already
invalidated by the time it reaches the listener)
This unexpected exception alters the normal flow, hence the code that should
delete the session never gets executed, hence the invalidated session data
hangs forever either in memory or other storage.
This can be avoided with well behaved client code-which knows that it shouldn't
try to clean an expired session, but it should be also handled on your side as
well and to enclose some code in try/finally blocks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
