I have the same problem. Java 1.5_08, Tomcat 5.5.20. Issue also happened with JDK 1.4.2 and Tomcat 5.5.12
Our session timeout is set to 20 minutes and most of the time it works fine. At any given moment we have around 2000 active sessions, and we get around 10 that won't timeout every hour. We monitor the application with Lambda Probe (formerly tomcat probe). We can see dozens of sessions with an idle time > 20 minutes and an 'expiry time' that's quite a while in the past. Lambda probe allows us to manually expire the overdue sessions; but it's something we have to do daily or our memory consumption grows unbounded as the sessions never die. What was the issue from 5.5.17 and how might I fix it? Is occasional session expiration failure a known issue? Any help or direction is greatly appreciated. -- John Hayward
