shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bogdan Flueras (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SHIRO-399) Memory leak for invalid sessions
Date Mon, 26 Nov 2012 09:58:59 GMT
Bogdan Flueras created SHIRO-399:
------------------------------------

             Summary: Memory leak for invalid sessions
                 Key: SHIRO-399
                 URL: https://issues.apache.org/jira/browse/SHIRO-399
             Project: Shiro
          Issue Type: Bug
    Affects Versions: 1.2.1
            Reporter: Bogdan Flueras


Have a session and wait till gets invalidated via logout/expiration. 
In a SessionListener implementation for the session the client code can try to clean-up the
session (what I originally did: session.removeAttributes() but doing so throws an InvalidSessionException
because the session is already invalidated by the time it reaches the listener)
This unexpected exception alters the normal flow, hence the code that should delete the session
never gets executed, hence the invalidated session data hangs forever either in memory or
other storage.

This can be avoided with well behaved client code-which knows that it shouldn't try to clean
an expired session, but it should be also handled on your side as well and to enclose some
code in try/finally blocks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message