Bug 49116

Summary: Memory leak by HttpSession.
Product: Tomcat 6 Reporter: Keiichi Fujino <kfujino>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 6.0.26   
Target Milestone: default   
Hardware: All   
OS: All   
Attachments: If session is already invalid, expire session to prevent memory leak.

Description Keiichi Fujino 2010-04-14 04:43:30 UTC 
When session is stored in StandardManager#doUnload method, 
an invalid session is stored. 

For instance, 
If HttpSession#invalidate is executed while executing StandardManager#doUnload,
session of "isValid=false" is stored.

The session of isValid=false is restored in StandardManager#doLoad, 
and it registers in session map (sessions). 
However, no one can invalidate this session. 

If isValid is false, StandardSession#invalidate() and StandardSession#isValid() can not expire session.
They are throws IllegalStateException or return immediately. 

Consequently, the session of isValid=false is never deleted from the session map(sessions). 

I made a patch.
If session is already invalid, expire session to prevent memory leak.

Best Regards.
Keiichi.
Comment 1 Keiichi Fujino 2010-04-14 04:45:10 UTC 
Created attachment 25290 [details]
If session is already invalid, expire session to prevent memory leak.
Comment 2 Keiichi Fujino 2010-04-14 04:57:53 UTC 
Fixed in trunk and proposed for 6.0.x.
Comment 3 Keiichi Fujino 2010-05-10 04:42:59 UTC 
This fix applied to 6.0, will be in 6.0.27 onwards.