Hi, Following an investigation into the compaction&cleanup issues, we (Michael Duerig and I) noticed some SegmentNotFoundExceptions coming from the login calls.
Blissfully unaware of how this code is actually supposed to work, I stumbled upon a what looks like a missing call to #clearState() from within the #commit method of the ExternalLoginModule [1]. I'm only assuming this because other implementations of the AbstractLoginModule call #clearState when the login attempt did not go through [2]. What I assume happens next is the old session (probably the initial one created on the very first login call) could be reused throughout the module's lifetime, which would in the end result in the SNFEs post compaction. Could someone clarify this? thanks, alex [1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java#L262 [2] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java#L186