Few days ago, the concurrent users of our wowza server is up to 25000.
But the network bandwidth is only 600Mbps.(1 connection max bitrate = 1Mbps)
It seems only 600 concurrent sessions on that time.

Then I tracked the wowza access log.

In most sessions, the session duration is too large but the data volume is too small.
We estimate session duration by httpSession.getTimeRunningSeconds() and data volume by httpSession.getIOPerformanceCounter().getMessagesOutBytes()

And some sessions are rejected by my authentication module.
But it does not call onHTTPSessionDestroy after 30 seconds.
The time it call onHTTPSessionDestroy will prolong 600~3000 seconds after I rejected it.

Accroding to above conditions,
I guess some http sessions had already stopped to transmit data but it did not call timeout immediately.

This situation occured twice when concurrent users raise high in a short time.
Is there any factor affet the http session timeout mechanism?