drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venki Korukanti (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-4353) Expired sessions in web server are not cleaning up resources, leading to resource leak
Date Thu, 04 Feb 2016 21:40:39 GMT
Venki Korukanti created DRILL-4353:
--------------------------------------

             Summary: Expired sessions in web server are not cleaning up resources, leading
to resource leak
                 Key: DRILL-4353
                 URL: https://issues.apache.org/jira/browse/DRILL-4353
             Project: Apache Drill
          Issue Type: Bug
          Components: Web Server, Client - HTTP
    Affects Versions: 1.5.0
            Reporter: Venki Korukanti
            Assignee: Venki Korukanti
            Priority: Blocker
             Fix For: 1.5.0


Currently we store the session resources (including DrillClient) in attribute {{SessionAuthentication}}
object which implements {{HttpSessionBindingListener}}. Whenever a session is invalidated,
all attributes are removed and if an attribute class implements {{HttpSessionBindingListener}},
listener is informed. {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}}
logs out the user which includes cleaning up the resources as well, but {{SessionAuthentication}}
relies on ServletContext stored in thread local variable (see [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]).
In case of thread that cleans up the expired sessions there is no {{ServletContext}} in thread
local variable, leading to not logging out the user properly and resource leak.

Fix: Add {{HttpSessionEventListener}} to cleanup the {{SessionAuthentication}} and resources
every time a HttpSession is expired or invalidated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message