Win a copy of High Performance Python for Data Analytics this week in the Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Bear Bibeault
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Jj Roberts
  • Carey Brown
Bartenders:
  • salvin francis
  • Frits Walraven
  • Piet Souris

Handling of Invalid sessions by Tomcat Session Manager

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Basically tomcat comes with 2 Session Managers - StandardManager and PersistentManager. We can further define Store in a PersistentManager as FileStore and JDBCStore.
StandardManager persists sessions by default in `Sessions.ser` file across tomcat shutdown and restart. PersistentManager stores idle Sessions in `<sessionId>.session` file or `database`.

My question is how these Session Manager handles Sessions once they have persisted them in.ser file or in .session file or database and then got expired ?
Will tomcat clean them off regularly ?

1) So, next  time when tomcat upload the session from `Sessions.ser`, will it ignore or delete invalid sessions ?
2) For PersistentManager, once tomcat restarts, it will load sessions to memory again with invalid ones also ?
3) For PersistentManager, when will it clear those invalid sessions from `<sessionId>.session` file or `database` ?
 
Saloon Keeper
Posts: 23060
157
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think that's going to depend on what session manager you've got plugged in.

When a session times out or gets invalidated, the jsessionid for that session should have been removed from the session map, and if the session is not being abused, that would render it instantly available for garbage collection if in memory. I would hope that this deletion would also be reflected to the session manager which should then purge the persistent copy.

The real problem is what happens when Tomcat crashes and restarts with orphan sessions, and that's partly controlled, if I recall, by server.xml settings.

So I don't really know, and it has almost certainly evolved over the various releases of Tomcat. So I'd have to check on a per-release basis.

As for myself, I've just used the default manager and whenever I'm testing or otherwise paranoid, I erase everything under TOMCAT_HOME/work, TOMCAT_HOME/temp and TOMCAT_HOME/logs before restarting Tomcat, So that resolves the question for me Gordian-knot style.

Although I think on production servers, I've left the persistent sessions alone and they simply proceeded as though Tomcat had never gone down. Restarted or not, sessions do eventually time out anyway.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic