Thank you Mark,
We have har files when the server is in error state, it shows that the
jsessionid is sent in request.
*Is there a reverse proxy in the mix?*
No. we directly access tomcat.
*Are you using sessions at all*
Yes, we are using the default tomcat session in debugger it says
(org.apache.catalina.session.StandardSessionFacade)
*That is just a single page and any page can potentially trigger session
cre*ation.
It is a multi page application we create and maintain our UserSession
object, which is used to auth on subsequent requests. The application is
working ok on many of our servers, but starts to generate jsessionid for
every request once the server goes in the problem state.
*It would be interesting to know if you need to clear both of these or
whether clearing just one is sufficient to resolve the issue. That might
narrow down potential root causes.*
I have requested the team to restart without removing work/temp will update
later in the week.
*You could try attaching a profiler and recording object allocations. That
should show you where/how sessions are being created.*
I don't think that is possible for a production server, but if we can get a
clue on how to reproduce this case.
We have a SessionListener, will add logging to it.
thanks,
Hamdan
