All ApplicationLifecycle starts should be always ended to prevent idm session leak.
We noticed in some cases that The ApplicationLifeCycle isn't closed :
This case appears In /webui/portlet/src/main/java/org/exoplatform/webui/application/portlet/PortletApplication.java in these methods :
- serveResource(ResourceRequest req, ResourceResponse res)
- processEvent(EventRequest req, EventResponse res)
- processAction(ActionRequest req, ActionResponse res)
PS : In the comment of the method serverResource(), it's already mentioned that "onEndRequest()" call should be invoqued in the finally block.