When the session timeout occurs, the Seam cleanup code is called in a thread that is not authenticated
=> the call to CoreInstance.getInstance.close() fails because of the underlying call to DocumentManagerBean.destroy that is not allowed ( EJB3 security interceptor blocks the unauthentciated call).
This result in a leak :
- We have a coreSession that is not released
=> static map in CoreInstance is not freed
==> may result in a OutOfMemoryError in PermGen
=> we leak an EJB3
==> one DocumentManagerBean passivated on disk that will never be cleared
Unless we find a clean way to bypass EJB3 security (since @PermitAll does nothing) the only walkaround is to open a SystemLogin.