We noticed that the Old Gen Heap memory is getting filled up in JVM of our AEM instances at regular intervals. As a result, our instances were going into high CPU utilization mode when GC was triggered. After analysis of the heap dump we found that there is a huge accumulation of session objects under “org.eclipse.jetty.server.session.SessionData”. Web Sessions are not being cleared from server runtime memory.
Our current site is only for logged-in users where the sign in is based on SSO. In the session we store the user information. It is created when user logs in and is invalidated when he logs off. We believe the session object pile up is because users don’t explicitly log-off, so the invalidate method is not called. We tried “Session Timeout” setting in “/system/console/configMgr” under 'Apache Felix Jetty Based Http Service”, but it does not help.
Any advice or inputs on this scenario is highly appreciated.