When a session expired, the corresponding diagnostics node would remain in the tree.
Not only would this clutter up the tree, but it might also allow for a DoS-type scenario which bypasses the MaxSessionCount restriction where an attacker could open sessions with low timeout, causing uncontrolled memory growth due to orphaned diagnostics nodes.
awcullen
commented
1 year ago
When a session expired, the corresponding diagnostics node would remain in the tree. Not only would this clutter up the tree, but it might also allow for a DoS-type scenario which bypasses the
MaxSessionCountrestriction where an attacker could open sessions with low timeout, causing uncontrolled memory growth due to orphaned diagnostics nodes.