try fix session potential leak by server sse ping #508
Conversation
There was a problem hiding this comment.
According to the specification, sessions are rather permanent (outlive the client connection) and removing sessions should happen explicitly via a DELETE call by the client. The specification does not explain when sessions are removed so perhaps we could add a mechanism for the server to decide, e.g. introduce a TTL for inactive sessions. However, client disconnects should not trigger session removal unless explicitly configured that way (another strategy outside of TTL?). I'd suggest we discard this contribution and open a discussion in another issue, WDYT @tzolov ?
I think we need ttl |
|
Here, with reference to the SSE implementation, cleanup is triggered when the SSE connection ends. |
Motivation and Context
Streamable Potential session leaks when Client Fails to Invoke DELETE
Problem:
The current implementation can leak server-side sessions under the following conditions:
a. Session accumulation due to missing DELETE calls
When a client repeatedly establishes new connections but never issues the required DELETE request, the sessions map inside WebMvcStreamableServerTransportProvider grows unbounded.
i. Explicit DELETE is mandatory
Streamable clients must call the DELETE method when they are destroyed to ensure the server cleans up the corresponding session.
b. Client restarts prevent DELETE execution
If the client process (or container) is restarted before it has a chance to send the DELETE, the server retains the now-orphaned session indefinitely, leading to a rapid accumulation of stale entries.
How Has This Been Tested?
Breaking Changes
Types of changes
Checklist
Additional context