The session should be removed from Spring's SessionRegistry when the session is timed out. However, it is not removed right now in order to save the session if it is not timed out on another node yet. The following test fails when session timeout is set to 1 min, and also this issue causes OOME after a while because of the accumulating session objects in the registry.
@Test
public void test_sessionTimeout() throws Exception {
Set<ApplicationContext> applicationContextSet =
SpringApplicationContextProvider.getApplicationContextSet();
Iterator<ApplicationContext> i = applicationContextSet.iterator();
ApplicationContext applicationContext1 = i.next();
ApplicationContext applicationContext2 = i.next();
SessionRegistry sessionRegistry1 = applicationContext1.getBean(SessionRegistry.class);
SessionRegistry sessionRegistry2 = applicationContext2.getBean(SessionRegistry.class);
SpringSecuritySession sss = login(null, false);
request("hello", serverPort1, sss.cookieStore);
String sessionId = sss.getSessionId();
String hazelcastSessionId = sss.getHazelcastSessionId();
IMap<String, Object> map = hz.getMap(DEFAULT_MAP_NAME);
assertEquals("Session should be saved", 1, map.size());
Thread.sleep(TimeUnit.SECONDS.toMillis(90L));
assertTrue("Session timeout on both nodes should have removed the IMap entries", map.isEmpty());
assertTrue(
"Native session must not exist in both Spring session registry of Node-1 and Node-2 after timeout",
sessionRegistry1.getSessionInformation(sessionId) == null &&
sessionRegistry2.getSessionInformation(sessionId) == null);
assertTrue(
"Hazelcast session must not exist in both Spring session registry of Node-1 and Node-2 after timeout",
sessionRegistry1.getSessionInformation(hazelcastSessionId) == null &&
sessionRegistry2.getSessionInformation(hazelcastSessionId) == null);
}
The session should be removed from Spring's
SessionRegistrywhen the session is timed out. However, it is not removed right now in order to save the session if it is not timed out on another node yet. The following test fails when session timeout is set to 1 min, and also this issue causes OOME after a while because of the accumulating session objects in the registry.