On Thu, Jul 18, 2013 at 6:44 PM, Marko Strukelj <marko.strukelj@gmail.com> wrote:

The proper place for this is WCI yes.

I suggest the same approach for Tomcat - adding session.invalidate() call before request.logout().

- marko
On Thu, Jul 18, 2013 at 1:01 PM, Nick Scavelli <nscavell@redhat.com> wrote:
Marko can probably give more insight but the logic was moved to WCI to invalidate but looks like only for JB7ServletContainerContext. The commit is here https://github.com/gatein/gatein-wci/commit/eac3e13cbbd1c8d28c1b4ae9a3fcd5a417d123cb. Maybe just add the invalidate in TC7ServletContainerContext like the following commit ?

On 07/18/2013 12:16 AM, Phuong Viet VU wrote:
The problem happen afer this commit https://github.com/gatein/gatein-portal/commit/164fd647e2

On Thu, Jul 18, 2013 at 11:14 AM, Phuong Viet VU <phuongvv@exoplatform.com> wrote:

Hi all, I'm working on this issue GTNPORTAL-3184. To summary:

when user logout, the sessionDestroyed event is dispatched and JAASConversationStateListener listener will clear the coressponding Conversation object in the registry.

In WCI (TC7ServletContainerContext class) we have logout code like this:

//This will change the sessionID
servletRequest.logout();
...
//This code dispatch sessionDistroyed event
webapp.invalidateSession();
...

The JAASConversationStateListener receive session destroyed event but with a difference sessionID. Then it can not remove the corresponding Conversation object in the ConversationRegitry service
this cause memory leak in the ConversationRegitry and IdentityRegistry service

Should we fix this in WCI ? I'm not sure about the solution, can someone help me on this ?
_______________________________________________
gatein-dev mailing list
gatein-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
_______________________________________________
gatein-dev mailing list
gatein-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev