Hi Mark!
I added the WebBeansConfigurationListener to the web.xml and also use
the openwebbeans-tomcat7 plugin. The tomcat parameter
changeSessionIdOnAuthentication is not explicitly changed, so the
default value true should be active.
My starting point was a heap dump resulting from an OutOfMemoryError of
the application. Inspecting the dump, I noticed the sessionContexts Map
of the SessionContextManager. The map was about 2,5 GB.
During my debugging sessions I detected two
WebBeansConfigurationListener.sessionCreated()
calls for a login. The second call only creates a copy of the first one
(attributes are the same as those of the first session). But I never expected a
WebBeansConfigurationListener.sessionDestroyed() call for the first session.
Thanks
On 06.03.2015 at 13:19, Mark Struberg wrote:
Hi Sebastian!
I think it should all work out of the box. How did you set up OWB in tomcat?
Are you using the webbeans-tomcat7 + context.xml or are you simply adding the
WebBeansConfigurationListener in your web.xml?
In any case, please debug into WebBeansConfigurationListener#sessionDestroyed().
(You can also debug into sessionCreated() to be sure the listener is properly
registered).
This is a standard HttpSessionListener and must get invoked by the container.
What tomcat feature do you use to force a new sessionId?
changeSessionIdOnAuthentication ?
Maybe we need to add support for those or provide a better mapping.
If you give me a few hints about what your application looks like in regard to
session handling then I’ll investigate it.
We are shortly before a release anyway.
LieGrue,
strub
On 06.03.2015 at 12:54, Sebastian Gebhardt
<[email protected]> wrote:
Hello!
My application uses owb and runs in a tomcat 7. The users are authenticated by
the container.
During the authentication the session id changes (to prevent session fixation
attacks). This leads to a second call to
SessionContextManager.addNewSessionContext(). But the SessionContext created in
the first call is never destroyed/removed. So the SessionContextManager's map
of session contexts grows. Finally this leads to an OutOfMemoryException.
Is there something I have misconfigured?
Thanks!
--
Sebastian Gebhardt
Email: [email protected]
PGP-Public Key: http://www.bfeater.de/bfeater_pubkey.asc
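
The growth pattern described in this thread, as an added example that is not part of the original messages and is not OpenWebBeans or Tomcat code: a store keyed by session id receives a second "created" event when the id is rotated at login, but only the post-login id is ever destroyed. ContextRegistry, idChanged() and the session ids are hypothetical names, and re-keying the entry on an id change is an assumed mitigation, not the project's fix.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; none of these classes are OpenWebBeans or Tomcat code.
public class SessionRekeyDemo {

    // Hypothetical stand-in for a per-session context store keyed by session id.
    static class ContextRegistry {
        final Map<String, Object> contexts = new ConcurrentHashMap<>();

        void created(String sessionId) {
            contexts.put(sessionId, new byte[1024]); // placeholder for session-scoped state
        }

        void destroyed(String sessionId) {
            contexts.remove(sessionId);
        }

        // Assumed mitigation: move the entry to the new id when the container
        // rotates the session id, so no entry stays behind under the old id.
        void idChanged(String oldId, String newId) {
            Object ctx = contexts.remove(oldId);
            if (ctx != null) {
                contexts.put(newId, ctx);
            }
        }
    }

    // Simulates a number of login/logout cycles and returns how many entries
    // remain in the registry afterwards.
    static int simulate(int logins, boolean rekey) {
        ContextRegistry reg = new ContextRegistry();
        for (int i = 0; i < logins; i++) {
            String preAuthId = "pre-" + i;   // constructed ids
            String postAuthId = "post-" + i;
            reg.created(preAuthId);          // anonymous session before login
            if (rekey) {
                reg.idChanged(preAuthId, postAuthId);
            } else {
                reg.created(postAuthId);     // second create event, as observed in the thread
            }
            reg.destroyed(postAuthId);       // only the post-login id is ever destroyed
        }
        return reg.contexts.size();
    }

    public static void main(String[] args) {
        System.out.println("entries left without re-keying: " + simulate(1000, false));
        System.out.println("entries left with re-keying:    " + simulate(1000, true));
    }
}
```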