Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-18587

Poor session Id implementation in Weblogic (and potentially websphere) may cause memory leaks to objects keyed off of HttpSession.getId()

    XMLWordPrintable

    Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      In a WebLogic cluster, the HttpSession.getId() call returns a string that not only includes the session ID but also what WebLogic refers to as JVMIDs. These values indicate which nodes in the cluster are the active and which one is preferred. For example, getId() might return a value that looks like this:

      xdp5KfxT0VhR8WJJFcphQZCTQ1GdlH6T5g392NVlpdZm1qvdTVPT!-2015310958!-1301377968!1256157555082

      The entire string is made up of the actual session id PLUS a couple of unique identifiers (delimited by '!') for cluster nodes (the final value is something else). The JVMIDs are used by the WebLogic plugin (at least) for routing requests. If you shut a cluster node down, the getId() call will return something like this - the node that is down is now indicated as 'NONE':

      xdp5KfxT0VhR8WJJFcphQZCTQ1GdlH6T5g392NVlpdZm1qvdTVPT!-1301377968!NONE!1256157555082

      Starting the node back up shows that a new JVMID is used to indicate the recently restarted node:

      xdp5KfxT0VhR8WJJFcphQZCTQ1GdlH6T5g392NVlpdZm1qvdTVPT!-1301377968!1294882958!1256157555082

      This may lead to objects being cached according to the sessionId to become stranded and thus a memory leak.

        Attachments

          Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. LPS-73785 In case of having Liferay installed in weblogic with cookies disabled and url with sessionId enabled, the jsessionid url parameter is truncated

          • Closed
          relates

          Bug - A problem which impairs or prevents the functions of the product. LPE-5380 Session ID implementation for Weblogic and Websphere may cause memory leaks

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. LPS-36492 Memory leak found running under WebLogic due to session id delimiter

          • Closed

            Activity

              People

              Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              michael.han Michael Han (Inactive)
              Participants of an Issue:
              Recent user:
              Jorge Diaz
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 12 weeks ago

                  Packages

                  Version Package
                  6.0.12 EE
                  6.1.0 CE RC1