Skip to content

fix: harden core memory session handling#12366

Merged
f2c-ci-robot[bot] merged 1 commit intodev-v2from
fix/core-memory-session-hardening
Mar 30, 2026
Merged

fix: harden core memory session handling#12366
f2c-ci-robot[bot] merged 1 commit intodev-v2from
fix/core-memory-session-hardening

Conversation

@ssongliu
Copy link
Copy Markdown
Member

@ssongliu ssongliu commented Mar 30, 2026

No description provided.

@f2c-ci-robot
Copy link
Copy Markdown

f2c-ci-robot bot commented Mar 30, 2026

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d96c570ad3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

core/init/session/psession/psession.go
Comment on lines +160 to +162
if windowSeconds > 300 {
windowSeconds = 300
}
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Remove five-minute cap from refresh window

RefreshIfNeeded is now the only place that extends session TTL in SessionAuth and proxy checks, but refreshWindow hard-caps refreshes to 300 seconds. With common values like SessionTimeout=86400, any user activity pattern that does not hit the last 5 minutes of each 24-hour window (for example, periodic requests every 10+ minutes) will still be logged out despite ongoing use, which regresses the previous sliding-expiration behavior that refreshed on every authenticated request.

Useful? React with 👍 / 👎.

core/init/session/psession/psession.go
Comment on lines +88 to +90
p.sessions[sessionID] = sessionItem{
User: user,
ExpiredAt: expiredAt,
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Bound in-memory session map growth

The new in-memory store inserts a session entry on every new login/session ID without any global size limit or eviction policy. Because entries live for ttlSeconds (default is long) and login creates fresh IDs, repeated successful logins (e.g., automated clients not reusing cookies) can grow p.sessions unbounded and drive memory pressure/OOM in the API process.

Useful? React with 👍 / 👎.

wanghe-fit2cloud
wanghe-fit2cloud reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@wanghe-fit2cloud wanghe-fit2cloud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@f2c-ci-robot f2c-ci-robot bot added the lgtm label Mar 30, 2026
@wanghe-fit2cloud
Copy link
Copy Markdown
Member

wanghe-fit2cloud commented Mar 30, 2026

/approve

@f2c-ci-robot
Copy link
Copy Markdown

f2c-ci-robot bot commented Mar 30, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wanghe-fit2cloud

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@f2c-ci-robot f2c-ci-robot bot merged commit b5aba18 into dev-v2 Mar 30, 2026
3 checks passed
@f2c-ci-robot f2c-ci-robot bot deleted the fix/core-memory-session-hardening branch March 30, 2026 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wanghe-fit2cloud wanghe-fit2cloud wanghe-fit2cloud left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@zhengkunwang223 zhengkunwang223 Awaiting requested review from zhengkunwang223

Assignees

@wanghe-fit2cloud wanghe-fit2cloud

Labels

approved dev-v2 do-not-merge/release-note-label-needed lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ssongliu @wanghe-fit2cloud @1Panel-bot