drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4353) Expired sessions in web server are not cleaning up resources, leading to resource leak
Date Thu, 04 Feb 2016 22:28:39 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15133181#comment-15133181

ASF GitHub Bot commented on DRILL-4353:

Github user jaltekruse commented on the pull request:

    Currently running tests on the patch rebased onto the 1.5 release branch. Do you want
to go mention on the vote thread that you would like this to be included?

> Expired sessions in web server are not cleaning up resources, leading to resource leak
> --------------------------------------------------------------------------------------
>                 Key: DRILL-4353
>                 URL: https://issues.apache.org/jira/browse/DRILL-4353
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Client - HTTP, Web Server
>    Affects Versions: 1.5.0
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>            Priority: Blocker
>             Fix For: 1.5.0
> Currently we store the session resources (including DrillClient) in attribute {{SessionAuthentication}}
object which implements {{HttpSessionBindingListener}}. Whenever a session is invalidated,
all attributes are removed and if an attribute class implements {{HttpSessionBindingListener}},
listener is informed. {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}}
logs out the user which includes cleaning up the resources as well, but {{SessionAuthentication}}
relies on ServletContext stored in thread local variable (see [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]).
In case of thread that cleans up the expired sessions there is no {{ServletContext}} in thread
local variable, leading to not logging out the user properly and resource leak.
> Fix: Add {{HttpSessionEventListener}} to cleanup the {{SessionAuthentication}} and resources
every time a HttpSession is expired or invalidated.

This message was sent by Atlassian JIRA

View raw message