I recently re-wrote 10MinuteMail, my secure temporary email service, updating it from Seam 2 and JBoss 4.2 to Deltaspike and Wildfly 10. Unfortunately I noticed a memory leak in the JVM. During beta testing, the JVM heap usage would slowly grow, over 1-2 weeks until it reached an OOM (out of memory condition).
I performed analysis on heap dumps taken at various stages of memory consumption and discovered that the issue was HttpSessionImpl objects being held onto by the com.sun.faces.application.WebappLifecycleListener’s activeSessions property. Since 10MinuteMail does some “manual” session expiration and management, and the new application is AJAX heavy, I figured I was doing something wrong. But thanks to some great support on the JBoss.org forums, I soon learned that there is a bug in the Undertow sub-system that ships with Wildfly 10.0.0.FINAL which keeps old sessions around, causing a memory leak – [UNDERTOW-657] HttpSession never removed from activeSessions – JBoss Issue Tracker
The fix is to replace the Undertow modules that come with Wildfly 10 with the latest stable release versions. You can find more details here – https://developer.jboss.org/message/959286#959286
Now my application works as expected with no memory leak or abnormal numbers of session objects.