You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Bogdan Flueras (JIRA)" <ji...@apache.org> on 2012/11/26 10:58:59 UTC

[jira] [Created] (SHIRO-399) Memory leak for invalid sessions

Bogdan Flueras created SHIRO-399:
------------------------------------

             Summary: Memory leak for invalid sessions
                 Key: SHIRO-399
                 URL: https://issues.apache.org/jira/browse/SHIRO-399
             Project: Shiro
          Issue Type: Bug
    Affects Versions: 1.2.1
            Reporter: Bogdan Flueras


Have a session and wait till gets invalidated via logout/expiration. 
In a SessionListener implementation for the session the client code can try to clean-up the session (what I originally did: session.removeAttributes() but doing so throws an InvalidSessionException because the session is already invalidated by the time it reaches the listener)
This unexpected exception alters the normal flow, hence the code that should delete the session never gets executed, hence the invalidated session data hangs forever either in memory or other storage.

This can be avoided with well behaved client code-which knows that it shouldn't try to clean an expired session, but it should be also handled on your side as well and to enclose some code in try/finally blocks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Re: [jira] [Created] (SHIRO-399) Memory leak for invalid sessions

Posted by bflueras <fl...@gmail.com>.

Hi,
See below some code on how to reproduce it.
public class MySessionListener implements SessionListener {
    @Override
    public void onStart(Session session) {
    }

    @Override
    public void onStop(Session session) {
       //Throws exception which prevents normal flow after, the session
object in not deleted in sessionDAO
        session.removeAttribute(validAttribute); 
    }

    @Override
    public void onExpiration(Session session) {
           //Throws exception which prevents normal flow after, the session
object in not deleted in sessionDAO
           session.removeAttribute(validAttribute); //Throws exception which
prevents normal flow after
    }
}

I would like to fix this bug and enclose some code within try/finally
blocks.
WDYT?



--
View this message in context: http://shiro-developer.582600.n2.nabble.com/jira-Created-SHIRO-399-Memory-leak-for-invalid-sessions-tp7577746p7577747.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

[jira] [Updated] (SHIRO-399) Memory leak for invalid sessions

Posted by "Bogdan Flueras (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bogdan Flueras updated SHIRO-399:
---------------------------------

    Attachment: patch.txt

Please review the attached patch applied on the revision 1413640.
                
> Memory leak for invalid sessions
> --------------------------------
>
>                 Key: SHIRO-399
>                 URL: https://issues.apache.org/jira/browse/SHIRO-399
>             Project: Shiro
>          Issue Type: Bug
>    Affects Versions: 1.2.1
>            Reporter: Bogdan Flueras
>         Attachments: patch.txt
>
>
> Have a session and wait till gets invalidated via logout/expiration. 
> In a SessionListener implementation for the session the client code can try to clean-up the session (what I originally did: session.removeAttributes() but doing so throws an InvalidSessionException because the session is already invalidated by the time it reaches the listener)
> This unexpected exception alters the normal flow, hence the code that should delete the session never gets executed, hence the invalidated session data hangs forever either in memory or other storage.
> This can be avoided with well behaved client code-which knows that it shouldn't try to clean an expired session, but it should be also handled on your side as well and to enclose some code in try/finally blocks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (SHIRO-399) Memory leak for invalid sessions

Posted by "Bogdan Flueras (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bogdan Flueras updated SHIRO-399:
---------------------------------

    Attachment: patch.txt

Please review the attached patch applied on the revision 1413640.
                
> Memory leak for invalid sessions
> --------------------------------
>
>                 Key: SHIRO-399
>                 URL: https://issues.apache.org/jira/browse/SHIRO-399
>             Project: Shiro
>          Issue Type: Bug
>    Affects Versions: 1.2.1
>            Reporter: Bogdan Flueras
>         Attachments: patch.txt
>
>
> Have a session and wait till gets invalidated via logout/expiration. 
> In a SessionListener implementation for the session the client code can try to clean-up the session (what I originally did: session.removeAttributes() but doing so throws an InvalidSessionException because the session is already invalidated by the time it reaches the listener)
> This unexpected exception alters the normal flow, hence the code that should delete the session never gets executed, hence the invalidated session data hangs forever either in memory or other storage.
> This can be avoided with well behaved client code-which knows that it shouldn't try to clean an expired session, but it should be also handled on your side as well and to enclose some code in try/finally blocks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (SHIRO-399) Memory leak for invalid sessions

Posted by "Bogdan Flueras (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bogdan Flueras updated SHIRO-399:
---------------------------------

    Attachment:     (was: patch.txt)
    
> Memory leak for invalid sessions
> --------------------------------
>
>                 Key: SHIRO-399
>                 URL: https://issues.apache.org/jira/browse/SHIRO-399
>             Project: Shiro
>          Issue Type: Bug
>    Affects Versions: 1.2.1
>            Reporter: Bogdan Flueras
>         Attachments: patch.txt
>
>
> Have a session and wait till gets invalidated via logout/expiration. 
> In a SessionListener implementation for the session the client code can try to clean-up the session (what I originally did: session.removeAttributes() but doing so throws an InvalidSessionException because the session is already invalidated by the time it reaches the listener)
> This unexpected exception alters the normal flow, hence the code that should delete the session never gets executed, hence the invalidated session data hangs forever either in memory or other storage.
> This can be avoided with well behaved client code-which knows that it shouldn't try to clean an expired session, but it should be also handled on your side as well and to enclose some code in try/finally blocks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira