diff options
author | Luca Milanesio <luca.milanesio@gmail.com> | 2021-01-18 21:45:47 +0100 |
---|---|---|
committer | Luca Milanesio <luca.milanesio@gmail.com> | 2021-01-26 08:36:30 +0000 |
commit | a5938b1c602ae0b89a3407f1bbe0d415b3047608 (patch) | |
tree | 17a42dba7f70f3ebf2fd783ef8d1cc07030899fb /tools/maven/gerrit-war_pom.xml | |
parent | 58f8d6e31812eafc4f8a040575209de0cbc41167 (diff) |
Avoid creating HTTP Sessions for Git-over-HTTP
The Change-Id: Iffcd0fbd7 has involuntarily triggered the
creation of a new HTTP Session for every invocation a Git-over-HTTP
request.
All came from the mistake of tracing the HTTP session instead
of the Gerrit session in the audit record.
The HTTP Servlet API specs say that any attempt to access
the current session of an incoming request would result
in the creation of a brand-new session.
The session involuntarily created also had an expiry time
equal to zero, which prevented the session housekeeper
to reclaim them later on, even though they were unused.
The consequence of creating an empty session for every
Git-over-HTTP request isn't immediately tangible, because
the session is empty and doesn't occupy a significant
amount of memory. However, longer-term, the in-memory
hashtable that records all the sessions, each one using
750 bytes on average, will be causing the overload
of the JVM heap and the crash of the process because of
lack of available memory.
Use the correct Gerrit session-id, retrieving
from the Provider<WebSession> the proper session, if active
and logged in, and make sure in tests that no HTTP sessions
are created as a result of a Git-over-http request.
Bug: Issue 13858
Change-Id: I8c086fed54b196c3f46fa88ac78c127784524d30
Diffstat (limited to 'tools/maven/gerrit-war_pom.xml')
0 files changed, 0 insertions, 0 deletions