Description from Stuart:
This is a new potential fix for
WFSSL-51. The previous fix needs to be reverted in the native code.
There are two ways sessions can be removed from the cache, either by timeout/cache size limits being exceeded, or by explicitly calling invalidate from the java code.
The old fix would call SSL_SESSION_free in the remove callback, which worked for the timeout case, but in the invalidate case the session had already been freed.
This new approach will hopefully work better.