> > As for the memory/accumulation issue I raise, in > AuthenticationService.authenticate, I see that tokenSessionMap is > populated > with information for each session. However, it's not clear when those are > removed from the map. I think I deduce from a rest API call > (Administration?) And there's another case upon an unclear exception but > there's limits to how IntelliJ will let me traceback and reverse engineer > this... > > A couple of things, here: - There is code during the "logout" process that tears down the session (look at the DELETE method on the api/tokens endpoint). - In your custom authentication module, there's a shutdown() method that you could use to clean up anything specific to your authentication module. - If you put Guacamole into DEBUG logging and look at the Tomcat logs (catalina,out or syslog, depending on your configuration) you'll see periodic messages from o.a.g.rest.auth.HashTokenSessionMap cleaning up old sessions. - I believe Tomcat's monitoring/management interface can show you memory utilization for a deployed application, so you can monitor that and make sure it isn't leaking.
-Nick
