Session and Memory Leak on Wildfly 10

I recently re-wrote 10MinuteMail, my secure temporary email service, updating it from Seam 2 and JBoss 4.2 to Deltaspike and Wildfly 10. Unfortunately I noticed a memory leak in the JVM. During beta testing, the JVM heap usage would slowly grow, over 1-2 weeks until it reached an OOM (out of memory condition).

I performed analysis on heap dumps taken at various stages of memory consumption and discovered that the issue was HttpSessionImpl objects being held onto by the com.sun.faces.application.WebappLifecycleListener’s activeSessions property. Since 10MinuteMail does some “manual” session expiration and management, and the new application is AJAX heavy, I figured I was doing something wrong. But thanks to some great support on the JBoss.org forums, I soon learned that there is a bug in the Undertow sub-system that ships with Wildfly 10.0.0.FINAL which keeps old sessions around, causing a memory leak –

[UNDERTOW-657] HttpSession never removed from activeSessions – JBoss Issue Tracker

The fix is to replace the Undertow modules that come with Wildfly 10 with the latest stable release versions. You can find more details here – https://developer.jboss.org/message/959286#959286

Now my application works as expected with no memory leak or abnormal numbers of session objects.

By Devon|2016-06-28T15:41:00-07:00June 28th, 2016|JBoss|9 Comments

About the Author: Devon

I am an entrepreneur, traveler, speed demon, and so much more

9 Comments

Anonymous July 15, 2016 at 5:37 am - Reply

10 minutemail new web dont work for me. Please come to the old web.
Please, dont change the good work.
Whosurrubber August 4, 2016 at 12:50 pm - Reply

Great looking new face on 10minute mail! Noticed the countdown clock doesn’t scale down when the window size is reduced (Firefox 47.0). Hardly a big deal, tho!
Anymouse September 3, 2016 at 10:22 am - Reply

Great job! Is not, however, playing nice with TOR browser as Captcha fails.

Is there a TOR friendly version possible?
- Devon November 27, 2016 at 6:52 am - Reply
  
  That is related to CloudFlare and not a site-specific thing. I’ve just enabled a TOR related config change that should help the situation though. Let me know if it helps!
Craig April 21, 2017 at 9:29 am - Reply

When I send a message to the 10minute email address it bounces back as not found.
- Devon April 22, 2017 at 7:29 am - Reply
  
  It seems to be working for me. Are you sure you sent it while the address was still active?
Piotr January 31, 2018 at 10:04 am - Reply

Hi Guys
I have same problem with Jboss 7 EAP (wildfly 10). Already applied fixpack 7.0.9 but still HttpSessionImpl stays in Heap. Is there official solution for Jboss 7 eap? Is there any configuration to terminate this session (some limit)? Thx
Gerald March 19, 2018 at 10:16 am - Reply

We see the issue in JBOSS 7.0.4 too. Did anyone every get a solution to this for JBOSS 7 EAP?
Gerald March 20, 2018 at 7:26 am - Reply

Just in case anyone else encounters an issue with a session memory leak on jboss 7 with Oracle Commerce 11.3, you can get a patch for it from Oracle Support.