Session Management Refactoring, Performance Optimization, and Race Condition Fixes

[dmytro-landiak]

Pull Request description

This PR introduces major improvements to the Client Session management flow. The primary focus is on performance optimization (reducing memory allocation/GC pressure), fixing race conditions during high-concurrency scenarios (specifically client takeover), and ensuring cluster consistency.

It also introduces a robust mechanism for handling "ghost" sessions and refactors the RateLimitService for better encapsulation.

🚀 Key Changes

⚡ Performance & Memory Optimization

• Reduced Garbage Generation: Major refactoring of session management to maximize object reuse and significantly lower memory footprint.
• Optimized Disconnect Handling: Prevented processing of double/redundant disconnect messages during client session takeovers, reducing unnecessary request generation.
• Persistent Client Optimization: Improved the connect flow for persistent device clients to avoid unnecessary clearance of persistent messages.

🔒 Concurrency & Race Conditions

• Session Limits: Fixed race conditions in session limit and application client limit quota checks by moving logic to the correct execution phase.
• Sequential Limit Accounting: Ensured session limits are incremented/decremented in a strict sequential order per clientId to prevent accounting errors during concurrent access.
• Auth Persistence: Fixed race conditions in Basic, X.509, JWT and SCRAM auth provider persistence (save/remove operations) when the same client performs a takeover.
• Client Session Details Consistency: Fixed race conditions regarding the persistence and clearance of MQTT client versions and credentials.

🌐 Cluster Consistency & Reliability

• Ghost Session Management: Introduced a forceful client session cleanup mechanism (and state correction) to resolve "ghost" sessions effectively.
• Cluster View Sync: Fixed an issue where different TBMQ nodes in the cluster could hold inconsistent views of active sessions.
• Disconnect Reasons: Improved logic to correctly propagate disconnect reasons and connection failure codes to the client.

🛠 Refactoring & Design

• Client Flow Improvements: General improvements to the internal connect and disconnect logic flows.
• RateLimitService: Refactored to strictly expose business logic methods while encapsulating internal processing logic.

General checklist

• You have reviewed the guidelines document.
• Labels that classify your pull request have been added.
• The milestone is specified and corresponds to fix version.
• Description references specific issue.
• Description contains human-readable scope of changes.
• Description contains brief notes about what needs to be added to the documentation.
• No merge conflicts, commented blocks of code, code formatting issues.
• Changes are backward compatible or upgrade script is provided.

Front-End feature checklist

• Screenshots with affected component(s) are added. The best option is to provide 2 screens: before and after changes;
• If you change the widget or other API, ensure it is backward-compatible or upgrade script is present.

Back-End feature checklist

• Added corresponding unit and/or integration test(s). Provide written explanation in the PR description if you have failed to add tests.
• If new dependency was added: the dependency tree is checked for conflicts.