shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <>
Subject [jira] [Closed] (SHIRO-399) Memory leak for invalid sessions
Date Fri, 15 Jul 2016 15:04:20 GMT


Brian Demers closed SHIRO-399.

> Memory leak for invalid sessions
> --------------------------------
>                 Key: SHIRO-399
>                 URL:
>             Project: Shiro
>          Issue Type: Bug
>    Affects Versions: 1.2.1
>            Reporter: Bogdan Flueras
>              Labels: patch, patch-with-test
>             Fix For: 1.2.2
>         Attachments: patch.txt
> Have a session and wait till gets invalidated via logout/expiration. 
> In a SessionListener implementation for the session the client code can try to clean-up
the session (what I originally did: session.removeAttributes() but doing so throws an InvalidSessionException
because the session is already invalidated by the time it reaches the listener)
> This unexpected exception alters the normal flow, hence the code that should delete the
session never gets executed, hence the invalidated session data hangs forever either in memory
or other storage.
> This can be avoided with well behaved client code-which knows that it shouldn't try to
clean an expired session, but it should be also handled on your side as well and to enclose
some code in try/finally blocks.

This message was sent by Atlassian JIRA

View raw message