Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-4353

Expired sessions in web server are not cleaning up resources, leading to resource leak

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 1.5.0
    • 1.5.0
    • Client - HTTP, Web Server
    • None

    Description

      Currently we store the session resources (including DrillClient) in attribute SessionAuthentication object which implements HttpSessionBindingListener. Whenever a session is invalidated, all attributes are removed and if an attribute class implements HttpSessionBindingListener, listener is informed. SessionAuthentication implementation of HttpSessionBindingListener logs out the user which includes cleaning up the resources as well, but SessionAuthentication relies on ServletContext stored in thread local variable (see here). In case of thread that cleans up the expired sessions there is no ServletContext in thread local variable, leading to not logging out the user properly and resource leak.

      Fix: Add HttpSessionEventListener to cleanup the SessionAuthentication and resources every time a HttpSession is expired or invalidated.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            vkorukanti Venki Korukanti
            vkorukanti Venki Korukanti
            Rahul Kumar Challapalli Rahul Kumar Challapalli
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment