0005440: Sessions doesn't time out.

Mantis - Resin
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
5440		minor	always	05-13-13 03:44	11-12-14 14:54

Reporter:	Mathias Lagerwall	Platform:
Assigned To:	ferg	OS:
Priority:	normal	OS Version:
Status:	closed	Product Version:
Product Build:		Resolution:	fixed
Projection:	none
ETA:	none	Fixed in Version:	4.0.42

Summary:	0005440: Sessions doesn't time out.
Description:	Same setup as in bug report 0005170. Session max set to 2 sessions. Timeout of 1 minute. Resin 4.0.23 (Before fix 0005170 in Resin 4.0.31) [2013/05/13 11:16:59.982] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] new [2013/05/13 11:16:59.982] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] create session [2013/05/13 11:17:14.820] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] new [2013/05/13 11:17:14.820] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] create session [2013/05/13 11:17:20.012] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] new [2013/05/13 11:17:20.013] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] remove [2013/05/13 11:17:20.040] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] session save valueHash=HashKey[14983a8b] [2013/05/13 11:17:20.040] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] create session [2013/05/13 11:18:47.422] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] remove [2013/05/13 11:18:47.428] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] session save valueHash=HashKey[6e879479] [2013/05/13 11:18:47.428] SessionImpl[aaarrM-O1Hsi8ejKGlD6t,/dk] timeout [2013/05/13 11:18:47.434] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] remove [2013/05/13 11:18:47.437] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] session save valueHash=HashKey[8073b97a] [2013/05/13 11:18:47.437] SessionImpl[aaamazB3S4-HlbbtFlD6t,/dk] timeout [2013/05/13 11:19:42.309] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] new [2013/05/13 11:19:42.313] SessionImpl[aaa-xBb_uFhSEfbRBlD6t,/dk] session load valueHash=HashKey[14983a8b] Resin 4.0.36 (After fix 0005170 in Resin 4.0.31) [2013/05/13 11:21:29.748] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] new [2013/05/13 11:21:29.748] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] create session [2013/05/13 11:21:39.289] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] new [2013/05/13 11:21:39.289] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] create session [2013/05/13 11:21:45.326] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] new [2013/05/13 11:21:45.327] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] remove [2013/05/13 11:21:45.361] SessionImpl[aaa7H-xg3Q0RpftIDmD6t,/dk] session save valueHash=48474fbf563d9df8 [2013/05/13 11:21:45.362] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] create session [2013/05/13 11:23:12.210] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] remove [2013/05/13 11:23:12.215] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] session save valueHash=2e1f3e386cc98459 [2013/05/13 11:23:12.216] SessionImpl[aaad3tDg-p_V-eTvHmD6t,/dk] timeout [2013/05/13 11:23:12.220] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] remove [2013/05/13 11:23:12.221] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] session save valueHash=98b1abf2c3a11b92 [2013/05/13 11:23:12.221] SessionImpl[aaaVkqeNCD_6zhx3FmD6t,/dk] timeout --> Access with cookie aaa7H-xg3Q0RpftIDmD6t [2013/05/13 11:23:34.345] SessionImpl[aaaINdCCyfVgQ-h97mD6t,/dk] new [2013/05/13 11:23:34.345] SessionImpl[aaaINdCCyfVgQ-h97mD6t,/dk] create session The bugfix seem to handle that "timedout" sessions aren't being loaded again as they did pre 4.0.31. But there is no timeout for the sessions that gets saved. This is bad because we have listeners in the application that should be triggered on session destroy. Will this approach not also result in an ever growing session database that will cause problems when we have a fail-over in the cluster? In order to have this working properly we need to have some sort of background thread that do timeout on old sessions in the storage and remove them.
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:

Notes