The following steps will cause a new JCR session to be opened then leaked:
- Create a ResourceResolver out of an existing JCR session (using AUTHENTICATION_INFO_SESSION)
- Call clone() on the ResourceResolver created in step 1, passing the ResourceResolverFactory.USER_IMPERSONATION key with a username to impersonate
- Close the ResourceResolver created in step 2.
The expected behavior is that since step 2 opened a new JCR Session in the background, step 3 should close it. The actual behavior is that the JCR session stays open without an obvious way to close it, and these leaked sessions can pile up if this sequence is executed often.