Using hazelcast.http.sessions=sticky configuration causes OOM error due to stale HTTP sessions never getting destroyed. Setting server.session.timeout to a lower value doesn't help either.
This is reproducible on Data Center: yes
- Set hazelcast.http.sessions=sticky
- Set server.session.timeout=60
- Open an incognito window in the browser
- Login to Bitbucket application
- Close the incognito window without logout.
- Wait for more than 1 minute.
- Repeat this process few thousand times using a script or a selenium test.
The application should keep running without an error.
The login eventually fails due to an OOM error.
Use hazelcast.http.sessions=local and enable sticky sessions at the Load Balancer level. (This is the default value)