[
https://issues.apache.org/jira/browse/SHIRO-399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers closed SHIRO-399.
------------------------------
> Memory leak for invalid sessions
> --------------------------------
>
> Key: SHIRO-399
> URL: https://issues.apache.org/jira/browse/SHIRO-399
> Project: Shiro
> Issue Type: Bug
> Affects Versions: 1.2.1
> Reporter: Bogdan Flueras
> Labels: patch, patch-with-test
> Fix For: 1.2.2
>
> Attachments: patch.txt
>
>
> Have a session and wait till gets invalidated via logout/expiration.
> In a SessionListener implementation for the session the client code can try
> to clean-up the session (what I originally did: session.removeAttributes()
> but doing so throws an InvalidSessionException because the session is already
> invalidated by the time it reaches the listener)
> This unexpected exception alters the normal flow, hence the code that should
> delete the session never gets executed, hence the invalidated session data
> hangs forever either in memory or other storage.
> This can be avoided with well behaved client code-which knows that it
> shouldn't try to clean an expired session, but it should be also handled on
> your side as well and to enclose some code in try/finally blocks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
