We noticed that the Old Gen Heap memory is getting filled up in JVM of our AEM instances at regular intervals. As a result, our instances were going into high CPU utilization mode when GC was triggered. After analysis of the heap dump we found that there is a huge accumulation of session objects under “org.eclipse.jetty.server.session.SessionData”. Web Sessions are not being cleared from server runtime memory.
Our current site is only for logged-in users where the sign in is based on SSO. In the session we store the user information. It is created when user logs in and is invalidated when he logs off. We believe the session object pile up is because users don’t explicitly log-off, so the invalidate method is not called. We tried “Session Timeout” setting in “/system/console/configMgr” under 'Apache Felix Jetty Based Http Service”, but it does not help.
Any advice or inputs on this scenario is highly appreciated.
If the Jetty Session Timeout isn’t helping then it might be something resetting the JSESSIONID cookie so a new session is generated per request. You might debug if the value is changing per request. Also, investigate your code to see if you even need JSP sessions. If you don’t, then disable it in your code or in the jetty config default setting.