drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4353) Expired sessions in web server are not cleaning up resources, leading to resource leak
Date Thu, 04 Feb 2016 22:28:39 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15133181#comment-15133181
] 

ASF GitHub Bot commented on DRILL-4353:
---------------------------------------

Github user jaltekruse commented on the pull request:

    https://github.com/apache/drill/pull/359#issuecomment-180079688
  
    Currently running tests on the patch rebased onto the 1.5 release branch. Do you want
to go mention on the vote thread that you would like this to be included?


> Expired sessions in web server are not cleaning up resources, leading to resource leak
> --------------------------------------------------------------------------------------
>
>                 Key: DRILL-4353
>                 URL: https://issues.apache.org/jira/browse/DRILL-4353
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Client - HTTP, Web Server
>    Affects Versions: 1.5.0
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>            Priority: Blocker
>             Fix For: 1.5.0
>
>
> Currently we store the session resources (including DrillClient) in attribute {{SessionAuthentication}}
object which implements {{HttpSessionBindingListener}}. Whenever a session is invalidated,
all attributes are removed and if an attribute class implements {{HttpSessionBindingListener}},
listener is informed. {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}}
logs out the user which includes cleaning up the resources as well, but {{SessionAuthentication}}
relies on ServletContext stored in thread local variable (see [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]).
In case of thread that cleans up the expired sessions there is no {{ServletContext}} in thread
local variable, leading to not logging out the user properly and resource leak.
> Fix: Add {{HttpSessionEventListener}} to cleanup the {{SessionAuthentication}} and resources
every time a HttpSession is expired or invalidated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message