session.getAttribute() invocation bumps the session timeout and prevents session expiration and removal in JBoss EAP 7.x

Solution Unverified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 7.x

Issue

  • After moving to EAP 7, we see our sessions are never timing out as expected. We have some background activity that regularly polls a session.getAttribute call independently of any request. It looks like each getAttribute call bumps the session timeout and prevents it from expiring. Sessions with this activity expired as expected on EAP 6 or Tomcat.
  • We reach an OOME and our heap dump shows many accumulated io.undertow.server.session.InMemorySessionManager$SessionImpl that seem to not be properly cleaned up after expected idle periods.

Resolution

  • This will be fixed in future releases (tentatively EAP 7.2.9+ or EAP 7.3.2+). Update to EAP 7.2.9+ or EAP 7.3.2+ once available.
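
The behaviour described under Issue, as a simplified model (an added example, not Undertow or Red Hat code): a session whose idle timer restarts on every attribute read never expires while a background poller keeps reading it, whereas a timer that only requests can reset expires on schedule. The class, method names, timeout and poll interval are all assumptions chosen for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model, NOT Undertow's InMemorySessionManager: it only illustrates
// why touching the idle timer on attribute reads keeps a polled session alive.
public class SessionTimeoutModel {

    static final class Session {
        final Map<String, Object> attributes = new HashMap<>();
        final boolean bumpOnGetAttribute; // true = behaviour reported on this page
        long lastAccessed;                // model clock, in seconds

        Session(long now, boolean bumpOnGetAttribute) {
            this.lastAccessed = now;
            this.bumpOnGetAttribute = bumpOnGetAttribute;
        }

        // Called by background code, outside any HTTP request.
        Object getAttribute(String name, long now) {
            if (bumpOnGetAttribute) {
                lastAccessed = now; // the read counts as activity: timer restarts
            }
            return attributes.get(name);
        }

        boolean isExpired(long now, long maxInactiveSeconds) {
            return now - lastAccessed >= maxInactiveSeconds;
        }
    }

    // Last real request at t=0, then a poller reads an attribute every
    // pollSeconds. Returns the second at which the session expires, or -1 if
    // it is still alive when the simulation ends.
    static long expiryTime(boolean bumpOnGetAttribute, long maxInactiveSeconds,
                           long pollSeconds, long simulateSeconds) {
        Session s = new Session(0, bumpOnGetAttribute);
        s.attributes.put("user", "constructed-sample-value");
        for (long now = 1; now <= simulateSeconds; now++) {
            if (s.isExpired(now, maxInactiveSeconds)) return now;
            if (now % pollSeconds == 0) s.getAttribute("user", now);
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed values: 30-minute timeout, 60-second poll, 24 simulated hours.
        System.out.println("bump on read : " + expiryTime(true, 1800, 60, 86400));
        System.out.println("request only : " + expiryTime(false, 1800, 60, 86400));
    }
}
```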

Root Cause


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.