Hi, following up a report of GeoServer creating thousands of http sessions during "normal" operation I've built a tool to investigate the session creations and a patch that solves the session creations I've noticed.
The tool is a servlet filter that wraps the HttpServletResponse and logs the full stack trace of every call forcing the creation of a http session. It is included in this patch: http://jira.codehaus.org/browse/GEOS-4478 About the tool, it's quite handy in that it would allow someone else to also do this kind of debugging, on their own servers. I'm just undecided on how to integrate it: a) ship it in the code, but comment out its declaration in web.xml Whoever needs it just had to hand modify the web.xml to activate it b) ship it in the code and have it statically declared in the web.xml, and use a system variable to actually make it wrap the servlet request (otherwise make it a no-op) c) ship it and have it always on, any session creation outside of the web UI is something we want to be informed of asap anyways I'm tempted to go c), even when wrapping the tool is quite light unless there is indeed a session creation going on... how do people feel about this? Can someone double check/review the patch at http://jira.codehaus.org/browse/GEOS-4478 The other part of the work is the actual fix, using the tool I've found a couple of unexpected session creations, both due to the Spring Security integration not behaving quite like I hoped: http://jira.codehaus.org/browse/GEOS-4477 The patch fixes the issues I've seen and should result in greater scalability for applications that are using secured data layers and the "www" folder. However the testing I've made is quite on the light side (checked with some secured layers)... we'd need someone heavily using security to confirm the changes are not breaking anything else. Any takers? Cheers Andrea -- ------------------------------------------------------- Ing. Andrea Aime GeoSolutions S.A.S. Tech lead Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 962313 mob: +39 333 8128928 http://www.geo-solutions.it http://geo-solutions.blogspot.com/ http://www.youtube.com/user/GeoSolutionsIT http://www.linkedin.com/in/andreaaime http://twitter.com/geowolf ------------------------------------------------------- ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
