The ConnectionThrottlerFilter is uterly broken. The conecpt itself is broken.
One should never try to fix such an issue in the applicatioin itself, it should be dealt with at a upper level. If a rogue client is trying to DDOS the server by creating thousands of sessions, this should be detected before the MINA server is hit.
The real problem with this approach is that we have a map storing the created session forever. We Never delete any of the session from the map, which will lead to a OOM in the long run (and even if we do keep the session for only a period of time, that would put a huge strain on the server : in the case we do have a DDOS, we would have to handle tens of thousands of requests per second, though a synchronized map. It's not going to fly...)
I would rather suggest we remove this filter from MINA. Use the right tool for the right problem...