The only real disadvantage is that you are making your memory footprint larger, but that can cause other sorts of situations (OutOfMemoryExceptions, making garbage collection take longer and potentially eat up more CPU, etc). Of course you could always just increase the memory allocated to the JVM.
If the user object is the only thing in the session and its relatively light-weight, its probably not a big deal. If the user object is mid sized or larger, or you are storing other things in the session expect to see a noticable memory increase. -----Original Message----- From: Tim Courtney [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 7:17 PM To: Orion-Interest Subject: long sessions I have kind of a general app server question: I have a servlet that puts a user object into session ------------- HttpSession session = req.getSession(true); session.setAttribute("user", user); ------------- We use this object to check if a visitor has logged into the web site or not My boss has asked me to increase the timeout of this session to 8 hours !!! Apart from the obvious security issue, I was wondering about the load on the server. Is holding too many session at once a common cause of server failure ? I can't really give details about the number of users, but assume there will be a few hundred at any one time. The hardware specs of the app server are about mid range. thanks
