Session and Memory Leak on Wildfly 10

///Session and Memory Leak on Wildfly 10

Session and Memory Leak on Wildfly 10

I recently re-wrote 10MinuteMail, my secure temporary email service, updating it from Seam 2 and JBoss 4.2 to Deltaspike and Wildfly 10.  Unfortunately I noticed a memory leak in the JVM.  During beta testing, the JVM heap usage would slowly grow, over 1-2 weeks until it reached an OOM (out of memory condition).

Memory Leak in the Old Gen on Wildfly 10

I performed analysis on heap dumps taken at various stages of memory consumption and discovered that the issue was HttpSessionImpl objects being held onto by the com.sun.faces.application.WebappLifecycleListener’s activeSessions property.  Since 10MinuteMail does some “manual” session expiration and management, and the new application is AJAX heavy, I figured I was doing something wrong.  But thanks to some great support on the forums, I soon learned that there is a bug in the Undertow sub-system that ships with Wildfly 10.0.0.FINAL which keeps old sessions around, causing a memory leak – 

[UNDERTOW-657] HttpSession never removed from activeSessions – JBoss Issue Tracker

The fix is to replace the Undertow modules that come with Wildfly 10 with the latest stable release versions.  You can find more details here –

Now my application works as expected with no memory leak or abnormal numbers of session objects.

By |2016-06-28T15:41:00+00:00June 28th, 2016|JBoss|9 Comments

About the Author:

Devon is a husband, amateur photographer, avid reader, and motorcycle enthusiast.


  1. Anonymous July 15, 2016 at 5:37 am - Reply

    10 minutemail new web dont work for me. Please come to the old web.
    Please, dont change the good work.

  2. Whosurrubber August 4, 2016 at 12:50 pm - Reply

    Great looking new face on 10minute mail! Noticed the countdown clock doesn’t scale down when the window size is reduced (Firefox 47.0). Hardly a big deal, tho!

  3. Anymouse September 3, 2016 at 10:22 am - Reply

    Great job! Is not, however, playing nice with TOR browser as Captcha fails.

    Is there a TOR friendly version possible?

    • Devon November 27, 2016 at 6:52 am - Reply

      That is related to CloudFlare and not a site-specific thing. I’ve just enabled a TOR related config change that should help the situation though. Let me know if it helps!

  4. Craig April 21, 2017 at 9:29 am - Reply

    When I send a message to the 10minute email address it bounces back as not found.

    • Devon April 22, 2017 at 7:29 am - Reply

      It seems to be working for me. Are you sure you sent it while the address was still active?

  5. Piotr January 31, 2018 at 10:04 am - Reply

    Hi Guys
    I have same problem with Jboss 7 EAP (wildfly 10). Already applied fixpack 7.0.9 but still HttpSessionImpl stays in Heap. Is there official solution for Jboss 7 eap? Is there any configuration to terminate this session (some limit)? Thx

  6. Gerald March 19, 2018 at 10:16 am - Reply

    We see the issue in JBOSS 7.0.4 too. Did anyone every get a solution to this for JBOSS 7 EAP?

  7. Gerald March 20, 2018 at 7:26 am - Reply

    Just in case anyone else encounters an issue with a session memory leak on jboss 7 with Oracle Commerce 11.3, you can get a patch for it from Oracle Support.

Leave A Comment