You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "Rahul Challapalli (JIRA)" <ji...@apache.org> on 2016/02/18 23:19:18 UTC

[jira] [Closed] (DRILL-4353) Expired sessions in web server are not cleaning up resources, leading to resource leak

     [ https://issues.apache.org/jira/browse/DRILL-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rahul Challapalli closed DRILL-4353.
------------------------------------

Verified!

> Expired sessions in web server are not cleaning up resources, leading to resource leak
> --------------------------------------------------------------------------------------
>
>                 Key: DRILL-4353
>                 URL: https://issues.apache.org/jira/browse/DRILL-4353
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Client - HTTP, Web Server
>    Affects Versions: 1.5.0
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>            Priority: Blocker
>             Fix For: 1.5.0
>
>
> Currently we store the session resources (including DrillClient) in attribute {{SessionAuthentication}} object which implements {{HttpSessionBindingListener}}. Whenever a session is invalidated, all attributes are removed and if an attribute class implements {{HttpSessionBindingListener}}, listener is informed. {{SessionAuthentication}} implementation of {{HttpSessionBindingListener}} logs out the user which includes cleaning up the resources as well, but {{SessionAuthentication}} relies on ServletContext stored in thread local variable (see [here|https://github.com/eclipse/jetty.project/blob/jetty-9.1.5.v20140505/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java#L88]). In case of thread that cleans up the expired sessions there is no {{ServletContext}} in thread local variable, leading to not logging out the user properly and resource leak.
> Fix: Add {{HttpSessionEventListener}} to cleanup the {{SessionAuthentication}} and resources every time a HttpSession is expired or invalidated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)