On Tue, 2011-04-05 at 23:18 +0200, Andrea Aime wrote: > On Tue, Apr 5, 2011 at 12:40 PM, Robert Holland <[email protected]> > wrote: > > > > Hi all, > > > > I am using Geoserver 2.1 RC3 and it seems to be creating hundreds of web > > sessions. The problem is that many of these sessions are related to the > > same user. Sometimes there are thousands of sessions and it affects the > > performance in a noticeably way. We are accessing Geoserver by using a web > > client based on Openlayers developed by us. Somebody else is experiencing > > similar problems? > > > > I am monitoring the number of sessions by using the Tomcat Manager > > Application (Tomcat 6). > > This sounds like a serious issue. So far we've tried to do most of > what we do without creating > a session, knowing well it's an expensive operation. As far as I know > the only thing that creates > sessions "by design" is a interactive login the web ui itself, but the > OGC services code should not do that. > > Unfortunately from time to time code creeps in that tries to access or > use the session, thus creating > a session per request. > Can you tell us if you have specific plugins installed? > Did you notice what kind of operation is creating the sessions?
I am far from an expert in the geoserver security system, but this caught my attention. In main's applicationSecurityContext we have the following path to security chain mapping : .... /wcs/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor /rest/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,restFilterInvocationInterceptor /gwc/rest/web/**=anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor /gwc/rest/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,restFilterInvocationInterceptor /**=httpSessionContextIntegrationFilterWithASCTrue,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor My read is that anything that's not in the above paths (usual services and gwc/rest) maps to httpSessionContextIntegrationFilterWithASCTrue (i.e: httpSessionContextIntegration With Auto Session Create == True) That's ok for /web/**, but does that also mean that /gwc/service/wms is creating a session per request? If so, and pardon if I got it totally wrong, wouldn't it be better to default to AutoSessionCreate == false and explicitly tell which paths map to ASC==true? like in for /web/**, not sure what else. Cheers, Gabriel > > Cheers > Andrea > -- Gabriel Roldan [email protected] Expert service straight from the developers ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
