drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Altekruse (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (DRILL-4353) Expired sessions in web server are not cleaning up resources, leading to resource leak
Date Tue, 09 Feb 2016 00:54:18 GMT

     [ https://issues.apache.org/jira/browse/DRILL-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jason Altekruse resolved DRILL-4353.
------------------------------------
    Resolution: Fixed

Fixed in 282dfd762f1bd6628b293c68b20cdff321bd70a3

This was also merged into the 1.5 release branch, that commit has a different hash, but there
were other changes that had already been merged into master that we didn't want to include
in the release.

> Expired sessions in web server are not cleaning up resources, leading to resource leak
> --------------------------------------------------------------------------------------
>
>                 Key: DRILL-4353
>                 URL: https://issues.apache.org/jira/browse/DRILL-4353
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Client - HTTP, Web Server
>    Affects Versions: 1.5.0
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>            Priority: Blocker
>             Fix For: 1.5.0
>
>
> Currently we store the session resources (including DrillClient) in attribute {{SessionAuthentication}}
object which implements {{HttpSessionBindingListener}}. Whenever a session is invalidated,
all attributes are removed and if an attribute class implements {{HttpSessionBindingListener}},
listener is informed. {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}}
logs out the user which includes cleaning up the resources as well, but {{SessionAuthentication}}
relies on ServletContext stored in thread local variable (see [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]).
In case of thread that cleans up the expired sessions there is no {{ServletContext}} in thread
local variable, leading to not logging out the user properly and resource leak.
> Fix: Add {{HttpSessionEventListener}} to cleanup the {{SessionAuthentication}} and resources
every time a HttpSession is expired or invalidated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message