Hi Sebastian! I think it should all work out of the box. How did you setup OWB in tomcat? Are you using the webbeans-tomcat7 + context.xml or are you simply adding the WebBeansConfigurationListener in your web.xml?
In any case, please debug into WebBeansConfigurationListener#sessionDestroyed(). (You can also debug into sessionCreated() to be sure the listener is properly registered). This is a standard HttpSessionListener and must get invoked by the container. What tomcat feature do you use to force a new sessionId? changeSessionIdOnAuthentication ? Maybe we need to add support for those or provide a better mapping. If you give me a few hints how your application looks like in regards to session handling then I’ll investigate it. We are short before a release anyway. LieGrue, strub > Am 06.03.2015 um 12:54 schrieb Sebastian Gebhardt > <[email protected]>: > > Hello! > > My application uses owb and runs in a tomcat 7. The user are authenticated by > the container. > During the authentication the session id changes (to prevent session fixation > attacks). This leads to a second call to > SessionContextManager.addNewSessionContext(). But the SessionContext created > in the first call is never destroyed/removed. So the SessionContextManager's > map of session contexts grows. Finally this leads to an OutOfMemoryException. > Is there something I have misconfigured? > > > Thanks!
