Mantis - Resin
Viewing Issue Advanced Details
5440 minor always 05-13-13 03:44 11-12-14 14:54
Mathias Lagerwall  
none 4.0.42  
0005440: Sessions doesn't time out.
Same setup as in bug report 0005170. Session max set to 2 sessions. Timeout of 1 minute.

Resin 4.0.23 (Before fix 0005170 in Resin 4.0.31)
[2013/05/13 11:16:59.982] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] new
[2013/05/13 11:16:59.982] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] create session
[2013/05/13 11:17:14.820] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] new
[2013/05/13 11:17:14.820] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] create session
[2013/05/13 11:17:20.012] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] new
[2013/05/13 11:17:20.013] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] remove
[2013/05/13 11:17:20.040] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] session save valueHash=HashKey[14983a8b]
[2013/05/13 11:17:20.040] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] create session
[2013/05/13 11:18:47.422] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] remove
[2013/05/13 11:18:47.428] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] session save valueHash=HashKey[6e879479]
[2013/05/13 11:18:47.428] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] timeout
[2013/05/13 11:18:47.434] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] remove
[2013/05/13 11:18:47.437] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] session save valueHash=HashKey[8073b97a]
[2013/05/13 11:18:47.437] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] timeout
[2013/05/13 11:19:42.309] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] new
[2013/05/13 11:19:42.313] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] session load valueHash=HashKey[14983a8b]

Resin 4.0.36 (After fix 0005170 in Resin 4.0.31)
[2013/05/13 11:21:29.748] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] new
[2013/05/13 11:21:29.748] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] create session
[2013/05/13 11:21:39.289] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] new
[2013/05/13 11:21:39.289] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] create session
[2013/05/13 11:21:45.326] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] new
[2013/05/13 11:21:45.327] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] remove
[2013/05/13 11:21:45.361] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] session save valueHash=48474fbf563d9df8
[2013/05/13 11:21:45.362] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] create session
[2013/05/13 11:23:12.210] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] remove
[2013/05/13 11:23:12.215] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] session save valueHash=2e1f3e386cc98459
[2013/05/13 11:23:12.216] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] timeout
[2013/05/13 11:23:12.220] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] remove
[2013/05/13 11:23:12.221] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] session save valueHash=98b1abf2c3a11b92
[2013/05/13 11:23:12.221] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] timeout

--> Access with cookie aaa7H-xg3Q0RpftIDmD6t

[2013/05/13 11:23:34.345] SessionImpl[aaaINdCCyfVgQ-h97mD6t,/dk] new
[2013/05/13 11:23:34.345] SessionImpl[aaaINdCCyfVgQ-h97mD6t,/dk] create session

The bugfix seem to handle that "timedout" sessions aren't being loaded again as they did pre 4.0.31. But there is no timeout for the sessions that gets saved. This is bad because we have listeners in the application that should be triggered on session destroy.
Will this approach not also result in an ever growing session database that will cause problems when we have a fail-over in the cluster?

In order to have this working properly we need to have some sort of background thread that do timeout on old sessions in the storage and remove them.

Mathias Lagerwall   
07-31-13 12:32   
I was not able to add a note on 0005494 since it has been closed.
To answer your question there:
I don't have the databases left but I think they were over 4 Gb in size. Do you think that this issue can be the cause of the really large databases?
The site has a lot of traffic.
08-13-13 11:20   
The saved sessions are timed out and removed.

The issue is the callbacks. And the specific issue is making sure the callback is only called once when it's in a distributed system.
11-12-14 14:54   
Fix is on the issue of growing databases, but not the listener issue.

The purging of old session objects and data had some issues where an older session data might never be freed.

The listener issue is not fixable for Resin 4.0, because the changes required to load the session and call a listener at delete time are too large for the current state of Resin 4.0 (bug fixes only.)

That listener issue could be revisited in Resin 5.0.