Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-4353

Expired sessions in web server are not cleaning up resources, leading to resource leak

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.5.0
    • Component/s: Client - HTTP, Web Server
    • Labels:
      None

      Description

      Currently we store the session resources (including DrillClient) in attribute SessionAuthentication object which implements HttpSessionBindingListener. Whenever a session is invalidated, all attributes are removed and if an attribute class implements HttpSessionBindingListener, listener is informed. SessionAuthentication implementation of HttpSessionBindingListener logs out the user which includes cleaning up the resources as well, but SessionAuthentication relies on ServletContext stored in thread local variable (see here). In case of thread that cleans up the expired sessions there is no ServletContext in thread local variable, leading to not logging out the user properly and resource leak.

      Fix: Add HttpSessionEventListener to cleanup the SessionAuthentication and resources every time a HttpSession is expired or invalidated.

        Attachments

          Activity

            People

            • Assignee:
              vkorukanti Venki Korukanti
              Reporter:
              vkorukanti Venki Korukanti
              Reviewer:
              Rahul Kumar Challapalli
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: