View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000290110000-004: ServicesSpecpublic2014-11-25 14:062014-12-19 18:49
ReporterRandy Armstrong Assigned ToMatthias Damm  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.03 
Target Version1.03Fixed in Version1.03 
Summary0002901: CloseSession for Non-Activated Sessions must be Allowed
Description

Right now CloseSession calls must be rejected.
This is nonsensical and leads to apparent memory leaks during stress testing.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0002820 closedMatthias Damm 10000-004: Services Prerequesites of CloseSession unclear 
has duplicate 0003593 closedJouni Aro 10000-004: Services Clarify CloseSession on non-activated Session 
related to 0002917 closedAlexander Allmendinger Compliance Test Tool (CTT) Unified Architecture 1.03 specification clarifications for CloseSession 

Activities

Matthias Damm

2014-12-09 17:21

developer   ~0005682

Last edited: 2014-12-10 12:10

Agreement in UA call today:

Add a similar statement like this one for SecureChannel to the Session:

"Each SecureChannel exists until it is explicitly closed or until the last token has expired and the overlap period has elapsed. A Server application should limit the number of SecureChannels. To protect against misbehaving Clients and denial of service attacks, the Server shall close the oldest SecureChannel that has no Session assigned before reaching the maximum number of supported SecureChannels"

Allow CloseSession on not activated session.

Add issue to create a compliance test for the new statement and to change compliance test for CloseSession.

Matthias Damm

2014-12-16 12:39

developer   ~0005687

Added to 5.6.2 CreateSession:

A Server application should limit the number of Sessions. To protect against misbehaving Clients and denial of service attacks, the Server shall close the oldest Session that is not activated before reaching the maximum number of supported Sessions.

5.6.3 ActivateSession

Added clarification that CloseSession can be called on not activated sessions.

Added to 5.6.4 CloseSession:

When the CloseSession Service is called before the Session is successfully activated, the Server shall reject the request if the SecureChannel is not same as the one associated with the CreateSession request.

Jim Luth

2014-12-19 18:49

administrator   ~0005701

Reviewed in Tuesday telecon and agreed to close.

Issue History

Date Modified Username Field Change
2014-11-25 14:06 Randy Armstrong New Issue
2014-11-25 14:06 Randy Armstrong Status new => assigned
2014-11-25 14:06 Randy Armstrong Assigned To => Matthias Damm
2014-12-07 10:17 Matthias Damm Relationship added related to 0002820
2014-12-09 17:21 Matthias Damm Note Added: 0005682
2014-12-10 12:10 Matthias Damm Note Edited: 0005682
2014-12-10 12:10 Matthias Damm Note Edited: 0005682
2014-12-10 12:10 Matthias Damm Note Edited: 0005682
2014-12-16 12:39 Matthias Damm Note Added: 0005687
2014-12-16 12:39 Matthias Damm Status assigned => resolved
2014-12-16 12:39 Matthias Damm Resolution open => fixed
2014-12-16 12:47 Matthias Damm Relationship added related to 0002917
2014-12-19 18:49 Jim Luth Note Added: 0005701
2014-12-19 18:49 Jim Luth Status resolved => closed
2014-12-19 18:49 Jim Luth Fixed in Version => 1.03
2016-11-15 09:54 Jouni Aro Relationship added has duplicate 0003593