Note that there is an issue with the 2022 R2 and 3 Xojo WebApps where sockets and sessions sometimes stay open even after they should close. See https://tracker.xojo.com/xojoinc/xojo/-/issues/69982 This could cause a buildup of CPU usage under normal traffic, even without any malicious users. If you have access, you may want to test out the latest beta version of Xojo.
Thank you Mike D, I just deployed an update using the latest pre-release.
My WebApp was running at 1.5GB and 1 million objects in memory after 12 hours.
I have now implemented a full memory report screen to see where are the memory leaks.