gaffcz

Reputation: 3479

session timeout 0: possible memory leak?

Is it good practice to set the session-timeout in web.xml to 0?

Isn't it a possible memory leak if the user just closes the browser without logging out?

I've tried to analyze the memory heap using MAT, and I didn't find anything regarding the session container, but I'm still not sure.

Upvotes: 2

Views: 184

Answers (1)

Michele Mariotti

Reputation: 7459

IMHO it is a bad practice.

I think this isn't a memory 'leak' in the strict sense, but it may lead to memory saturation.

However, this will happen if you have

  • a small amount of memory
  • heavy session objects
  • many users
  • a container that does not serialize sessions

But if one or more of these conditions are not met, preserving sessions should not be a problem on the memory side.

I think the worst issue is, instead, on the security side.

Session stealing techniques are very effective in this scenario: an attacker can use a stolen session days after the theft.

Upvotes: 3
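
A check for the setting discussed above, as an added example that is not part of the original question or answer: under the Servlet specification a `session-timeout` of 0 or less means sessions never time out, so this script flags that case in a `web.xml`. The function name `audit_session_timeout`, the 60-minute policy ceiling and the sample descriptors are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the original post).
NEVER_EXPIRES = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <session-timeout>0</session-timeout>
  </session-config>
</web-app>"""
BOUNDED = NEVER_EXPIRES.replace(">0<", ">30<")
NO_CONFIG = '<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="5.0"/>'


def local(tag):
    """Strip the '{namespace}' prefix so javaee, jakartaee and plain files all match."""
    return tag.rsplit("}", 1)[-1]


def audit_session_timeout(web_xml_text, max_minutes=60):
    """Return (status, detail) for the <session-timeout> in a web.xml document.

    max_minutes is a hypothetical policy ceiling chosen for this example.
    """
    root = ET.fromstring(web_xml_text)
    values = [
        (child.text or "").strip()
        for el in root.iter() if local(el.tag) == "session-config"
        for child in el if local(child.tag) == "session-timeout"
    ]
    if not values:
        return ("DEFAULT", "no session-timeout set; the container default applies")
    try:
        minutes = int(values[0])
    except ValueError:
        return ("INVALID", f"session-timeout is not an integer: {values[0]!r}")
    if minutes <= 0:
        # Servlet spec: 0 or less means sessions never time out by default,
        # so an abandoned or stolen session stays valid until restart.
        return ("NEVER_EXPIRES", f"session-timeout={minutes}: sessions never time out")
    if minutes > max_minutes:
        return ("TOO_LONG", f"session-timeout={minutes} min exceeds policy of {max_minutes} min")
    return ("OK", f"session-timeout={minutes} min")


if __name__ == "__main__":
    for name, doc in [("never", NEVER_EXPIRES), ("bounded", BOUNDED), ("none", NO_CONFIG)]:
        print(name, audit_session_timeout(doc))
```
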
