Return-Path: X-Original-To: apmail-openwebbeans-user-archive@www.apache.org Delivered-To: apmail-openwebbeans-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4CE1A10E79 for ; Fri, 6 Mar 2015 11:55:12 +0000 (UTC) Received: (qmail 76334 invoked by uid 500); 6 Mar 2015 11:55:12 -0000 Delivered-To: apmail-openwebbeans-user-archive@openwebbeans.apache.org Received: (qmail 76304 invoked by uid 500); 6 Mar 2015 11:55:12 -0000 Mailing-List: contact user-help@openwebbeans.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@openwebbeans.apache.org Delivered-To: mailing list user@openwebbeans.apache.org Received: (qmail 76294 invoked by uid 99); 6 Mar 2015 11:55:12 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Mar 2015 11:55:12 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [144.76.39.237] (HELO mail2.npserv.de) (144.76.39.237) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Mar 2015 11:55:04 +0000 Received: from [10.208.67.52] (unknown [80.228.30.129]) by mail2.npserv.de (Postfix) with ESMTPA id 18D6F20093FC for ; Fri, 6 Mar 2015 12:54:43 +0100 (CET) Message-ID: <54F99580.80109@bfeater.de> Date: Fri, 06 Mar 2015 12:54:40 +0100 From: Sebastian Gebhardt Reply-To: sebastian.gebhardt@bfeater.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: user@openwebbeans.apache.org Subject: Memleak when using owb with tomcat 7 and container managed security? Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hello! My application uses owb and runs in a tomcat 7. The user are authenticated by the container. During the authentication the session id changes (to prevent session fixation attacks). This leads to a second call to SessionContextManager.addNewSessionContext(). But the SessionContext created in the first call is never destroyed/removed. So the SessionContextManager's map of session contexts grows. Finally this leads to an OutOfMemoryException. Is there something I have misconfigured? Thanks!