[
https://issues.apache.org/jira/browse/DRILL-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rahul Challapalli updated DRILL-4353:
-------------------------------------
Reviewer: Rahul Challapalli (was: Krystal)
> Expired sessions in web server are not cleaning up resources, leading to
> resource leak
> --------------------------------------------------------------------------------------
>
> Key: DRILL-4353
> URL: https://issues.apache.org/jira/browse/DRILL-4353
> Project: Apache Drill
> Issue Type: Bug
> Components: Client - HTTP, Web Server
> Affects Versions: 1.5.0
> Reporter: Venki Korukanti
> Assignee: Venki Korukanti
> Priority: Blocker
> Fix For: 1.5.0
>
>
> Currently we store the session resources (including DrillClient) in the attribute
> {{SessionAuthentication}} object, which implements
> {{HttpSessionBindingListener}}. Whenever a session is invalidated, all
> attributes are removed, and if an attribute class implements
> {{HttpSessionBindingListener}}, the listener is informed.
> The {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}}
> logs out the user, which includes cleaning up the resources as well, but
> {{SessionAuthentication}} relies on the ServletContext stored in a thread-local
> variable (see
> [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]).
> In the case of the thread that cleans up the expired sessions, there is no
> {{ServletContext}} in the thread-local variable, leading to not logging out the
> user properly and a resource leak.
> Fix: Add {{HttpSessionEventListener}} to clean up the
> {{SessionAuthentication}} and resources every time an HttpSession is expired
> or invalidated.
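An added example, not code from the Drill patch or from Jetty: a session-level listener that releases per-session resources on whichever thread ends the session, without reading any thread-local context. The attribute name `example.session.resources` and the `SessionResources` holder are hypothetical; the code assumes the `javax.servlet` API is on the classpath and that the listener is registered with the container (for example through a `<listener>` entry in `web.xml`).

```java
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Added example: closes per-session resources on expiry or invalidation. */
public class SessionResourceCleanupListener implements HttpSessionListener {
    private static final Logger LOG = Logger.getLogger("session-cleanup");

    /** Hypothetical attribute name under which the application stores its holder. */
    public static final String RESOURCES_ATTR = "example.session.resources";

    /**
     * Hypothetical holder for a per-session client. close() is idempotent
     * because an attribute-level binding listener and this session-level
     * listener can both fire for the same explicit invalidate() call.
     */
    public static final class SessionResources implements AutoCloseable {
        private final AutoCloseable client;
        private final AtomicBoolean closed = new AtomicBoolean();
        public SessionResources(AutoCloseable client) { this.client = client; }
        public boolean isClosed() { return closed.get(); }
        @Override public void close() throws Exception {
            if (closed.compareAndSet(false, true)) client.close();
        }
    }

    @Override public void sessionCreated(HttpSessionEvent event) { }

    @Override public void sessionDestroyed(HttpSessionEvent event) {
        // The container calls this when a session is about to be invalidated,
        // including from its expiry thread, while attributes are still readable.
        // Everything needed comes from the event; no request or thread-local state.
        HttpSession session = event.getSession();
        Object held = session.getAttribute(RESOURCES_ATTR);
        if (!(held instanceof SessionResources)) return;
        try {
            ((SessionResources) held).close();
        } catch (Exception e) {
            // Log without the session id so identifiers do not end up in log files.
            LOG.log(Level.WARNING, "session resource cleanup failed", e);
        } finally {
            session.removeAttribute(RESOURCES_ATTR);
        }
    }
}
```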