Scott
Thanks for the replies. I'm probably a bit paranoid about "close" not being
guaranteed to always happen for sessions in general, so I made an extended
TimedCachePolicy class that regularly removes expired sessions in its
TimerTask. Of course this requires synchronization with threads that
There is a similar problem in using the TimedCachePolicy as the credential
cache in the JaasSecurityManager when using SRP. The TimedCachePolicy only
removes entries when an existing entry is replaced by a new one for the same
Principal, but the SRPPrincipal object will differ every time because
I am using the JBoss SRP implementation with multiple sessions per user in
JBoss 4.0.2. I see (in the code) that SRPSession objects are never removed from
the private sessionMap collection inside the SRPRemoteServer class.
I think this will cause the sessionMap to keep on growing as each new mapp
