• Post Reply Bookmark Topic Watch Topic
  • New Topic

Preventing implicit sessions

 
Allen Bandela
Ranch Hand
Posts: 128
Eclipse IDE MS IE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Our application currently uses a "Change User" button that invalidates the current session and redirects the user to the login.jsp page. A monitoring tool checks the availability of the application every few minutes by signing in and finally clicking Change User. We have been facing 'out of swap space' issue recently with the JVM footprint overflowing into swap. We are still researching that issue. But, in order to avoid any unwanted memory usage, we think we should avoid the implicit sessions possibly being created when Change User is clicked. Obviously the new idle session created when login.jsp is rendered would stay in memory for the 1 hr default period before being invalidated. So, I'm thinking of sending just static html in the response instead of redirecting to login.jsp . With this I believe that no implicit sessions would be created just by clicking 'Change User'. I searched google to see if there is a best practice for this , but didn't find any. Any advise please?

 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's probably correct. OTOH, the creation of a few dozen empty sessions really shouldn't be using all your memory, either.
 
Abhijit Rai
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
You could invalidate the session in the login.jsp page itself ,this could be done by
<%
if(session!=null)
session.invalidate();
%>
HTH
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Abhijit Rai wrote:
You could invalidate the session in the login.jsp page itself


You are totally wrong
 
Abhijit Rai
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You are totally wrong

kindly do explain ...
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Abhijit : What to explain?... dont you think it is very poor and ugly way of invalidate the session?
 
Ernest Friedman-Hill
author and iconoclast
Sheriff
Posts: 24213
35
Chrome Eclipse IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Personally I don't see anything wrong with it, beyond generally wanting to avoid scriptlets in JSPs. Preferably, there'd be a controller that invalidated the session before serving login.jsp, instead.

Anyway, what's so "very poor and ugly" about it, beyond that?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!