Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sessions are not removed from Spring SessionRegistry when session timeout #71

Open
alparslanavci opened this issue Apr 18, 2019 · 0 comments
Open

Sessions are not removed from Spring SessionRegistry when session timeout #71

alparslanavci opened this issue Apr 18, 2019 · 0 comments
Labels
bug

Comments

@alparslanavci
Copy link

The session should be removed from Spring's SessionRegistry when the session is timed out. However, it is not removed right now in order to save the session if it is not timed out on another node yet. The following test fails when session timeout is set to 1 min, and also this issue causes OOME after a while because of the accumulating session objects in the registry.

@Test
public void test_sessionTimeout() throws Exception {
    Set<ApplicationContext> applicationContextSet =
            SpringApplicationContextProvider.getApplicationContextSet();
    Iterator<ApplicationContext> i = applicationContextSet.iterator();
    ApplicationContext applicationContext1 = i.next();
    ApplicationContext applicationContext2 = i.next();
    SessionRegistry sessionRegistry1 = applicationContext1.getBean(SessionRegistry.class);
    SessionRegistry sessionRegistry2 = applicationContext2.getBean(SessionRegistry.class);

    SpringSecuritySession sss = login(null, false);

    request("hello", serverPort1, sss.cookieStore);

    String sessionId = sss.getSessionId();
    String hazelcastSessionId = sss.getHazelcastSessionId();

    IMap<String, Object> map = hz.getMap(DEFAULT_MAP_NAME);
    assertEquals("Session should be saved", 1, map.size());

    Thread.sleep(TimeUnit.SECONDS.toMillis(90L));

    assertTrue("Session timeout on both nodes should have removed the IMap entries", map.isEmpty());

    assertTrue(
            "Native session must not exist in both Spring session registry of Node-1 and Node-2 after timeout",
            sessionRegistry1.getSessionInformation(sessionId) == null &&
                    sessionRegistry2.getSessionInformation(sessionId) == null);

    assertTrue(
            "Hazelcast session must not exist in both Spring session registry of Node-1 and Node-2 after timeout",
            sessionRegistry1.getSessionInformation(hazelcastSessionId) == null &&
                    sessionRegistry2.getSessionInformation(hazelcastSessionId) == null);

}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alparslanavci