Description | IST: When DHCP lease expires before the HTTP session expires, the Session/IP cache may contain IP addresses with orphaned Session ID, as exemplified in the following use-case:
- User does not explicitly logout of the Web App
- After device reboot or wake-up from hibernation, a different IP address is acquired from the renewed DHCP lease.
- User open Web App again, and the client side auth token give him an automatic login, with the newly acquired IP address.
- As a result, the session and user related to the old IP address are orphaned.
SOLL: Periodically prune orphaned IP addresses (whose session does not exist in cache). |
---|