-
1. Re: Multiple logins cause SRP sessions to accummulate in SRP
starksm64 Aug 28, 2005 12:19 PM (in response to c-ackerman)The close should be removing the session.
http://jira.jboss.com/jira/browse/JBAS-2179 -
2. Re: Multiple logins cause SRP sessions to accummulate in SRP
c-ackerman Aug 29, 2005 4:10 AM (in response to c-ackerman)There is a similar problem in using the TimedCachePolicy as the credential cache in the JaasSecurityManager when using SRP. The TimedCachePolicy only removes entries when an existing entry is replaced by a new one for the same Principal, but the SRPPrincipal object will differ every time because of the sessionID. Hence expired credentials will remain behind in the cache indefinitely.
-
3. Re: Multiple logins cause SRP sessions to accummulate in SRP
starksm64 Sep 4, 2005 12:46 PM (in response to c-ackerman)The JaasSecurityManagerService would need a flushExpired(String domain) op to clear the sessions, or an alternate SRPServerListener implementation that flushed the principal on the closedUserSession(SRPSessionKey) event.
-
4. Re: Multiple logins cause SRP sessions to accummulate in SRP
c-ackerman Sep 5, 2005 5:00 AM (in response to c-ackerman)Scott
Thanks for the replies. I'm probably a bit paranoid about "close" not being guaranteed to always happen for sessions in general, so I made an extended TimedCachePolicy class that regularly removes expired sessions in its TimerTask. Of course this requires synchronization with threads that insert and get entries, so it will slow the cache down somewhat.
That's all from me on this subject for now. Just want to let you know that I enjoy working with JBoss and I find the code easy to work with. Thanks for a great product.
Regards
Charlotte