4 Replies Latest reply on Sep 5, 2005 5:00 AM by Charlotte Ackerman

    Multiple logins cause SRP sessions to accummulate in SRPRemo

    Charlotte Ackerman Newbie

      I am using the JBoss SRP implementation with multiple sessions per user in JBoss 4.0.2. I see (in the code) that SRPSession objects are never removed from the private sessionMap collection inside the SRPRemoteServer class.
      I think this will cause the sessionMap to keep on growing as each new mapping that is added has a new key (made from username and a unique session id).
      It looks like the SRPSession can be removed from the sessionMap after handshaking is completed, i.e. in the verify method (whether verify succeeds or not).
      This will still leave behind entries for which the client never attempted to complete handshaking (verify never called). Maybe a timeout mechanism can work, with a scavenger thread to remove invalid entries - just a suggestion!