Developer Guide

  • 10/27/2020
  • Public Content

Abandoned Sessions

Intel® DAL allows for a limited number of trusted applications and sessions that can be installed or created by the virtual machine (VM). In some cases, client service resources can be occupied and never released due to:
  • Denial of service attack
  • Application entering an infinite loop and therefore not closing or removing the sessions or trusted applications.
  • Application crashing and therefore not closing or removing the sessions or trusted applications.
  • A misuse of the client service API,e.g., not calling the CloseSession API when finishing using a session.
In such cases, the application is preventing other applications from using other sessions, due to the Max Sessions capacity limit. Therefore, the client service tries to detect whether an application has crashed or exited without releasing its resources so that it can perform cleanup, release the session handle and remove the abandoned sessions from the VM if needed.
To enable the client service to do this, it stores the application information [Process ID + Creation Timestamp] when the application is initialized. This allows the identification of crashed applications only and not modules within an application(like a plugin in a browser), unless it runs as a separate process.
Whenever an application calls one of the following APIs, the client service performs an abandoned session cleanup:
  • JHI_Install2
  • JHI_CreateSession
  • JHI_Uninstall
  • JHI_GetAppletProperty
    (in case the trusted application was not loaded in the VM)
Note: Applications should not rely on this cleanup mechanism and must call JHI_CloseSession with each session handle that they have when they are finished with the session handle.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at