[ https://issues.apache.org/jira/browse/DRILL-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15133181#comment-15133181 ]

ASF GitHub Bot commented on DRILL-4353:
---------------------------------------

Github user jaltekruse commented on the pull request:

    https://github.com/apache/drill/pull/359#issuecomment-180079688
  
    Currently running tests on the patch rebased onto the 1.5 release branch.
    Do you want to go mention on the vote thread that you would like this to be
    included?


> Expired sessions in web server are not cleaning up resources, leading to 
> resource leak
> --------------------------------------------------------------------------------------
>
>                 Key: DRILL-4353
>                 URL: https://issues.apache.org/jira/browse/DRILL-4353
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Client - HTTP, Web Server
>    Affects Versions: 1.5.0
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>            Priority: Blocker
>             Fix For: 1.5.0
>
>
> Currently we store the session resources (including DrillClient) in attribute 
> {{SessionAuthentication}} object which implements 
> {{HttpSessionBindingListener}}. Whenever a session is invalidated, all 
> attributes are removed and if an attribute class implements 
> {{HttpSessionBindingListener}}, listener is informed. 
> {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}} 
> logs out the user which includes cleaning up the resources as well, but 
> {{SessionAuthentication}} relies on ServletContext stored in thread local 
> variable (see 
> [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]).
>  In case of thread that cleans up the expired sessions there is no 
> {{ServletContext}} in thread local variable, leading to not logging out the 
> user properly and resource leak.
> Fix: Add {{HttpSessionEventListener}} to clean up the 
> {{SessionAuthentication}} and resources every time a HttpSession is expired 
> or invalidated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
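
The failure mode described in the issue above, modeled in plain Java as an added example (not code from Drill, Jetty, or the pull request). `CONTEXT`, `Resource`, `unboundCallback` and `sessionDestroyed` are hypothetical stand-ins for the thread-local servlet context, the per-session DrillClient, the binding-listener logout, and the session-listener fix.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: plain-Java model of the leak, no servlet container needed.
// All names here (Resource, CONTEXT, ...) are hypothetical stand-ins.
public class ExpiredSessionLeakDemo {
    // Stand-in for the per-request context that is kept in a thread local.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Stand-in for the per-session client and its resources.
    static final class Resource implements AutoCloseable {
        volatile boolean closed;
        @Override public void close() { closed = true; }
    }

    // Models the binding-listener logout: it cleans up only if the calling thread has a context.
    static void unboundCallback(Resource r) {
        if (CONTEXT.get() == null) {
            return; // no context on this thread: logout is skipped and the resource leaks
        }
        r.close();
    }

    // Models the fix: a session-destroyed listener that closes the resource unconditionally.
    static void sessionDestroyed(Map<String, Object> session) {
        Object attr = session.remove("resource");
        if (attr instanceof Resource) {
            ((Resource) attr).close();
        }
    }

    // Runs the expiry on a separate thread, as the expired-session cleanup thread would.
    static boolean expireOnScavenger(boolean withListener) throws InterruptedException {
        Resource r = new Resource();
        Map<String, Object> session = new ConcurrentHashMap<>();
        session.put("resource", r);
        Thread scavenger = new Thread(() -> {
            if (withListener) sessionDestroyed(session);
            else unboundCallback(r);
        });
        scavenger.start();
        scavenger.join(); // join() makes the write to r.closed visible here
        return r.closed;
    }

    public static void main(String[] args) throws InterruptedException {
        CONTEXT.set("request-context"); // set on the request thread only; the cleanup thread has none
        System.out.println("binding callback closed resource: " + expireOnScavenger(false));
        System.out.println("session listener closed resource: " + expireOnScavenger(true));
    }
}
```

In a real deployment the same check is worth running as a regression test: expire a session from the container's cleanup thread and assert that the per-session client was closed.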
