Re: Phantom Sessions
On 03.09.2010 00:20, Paul Szynol wrote: Hi, Chris, Thanks for your response. I do get those requests, but it seems they always generate standard user agent information, which I then store in the associated session object. These session objects don't have any user agent information--that's why I am wondering if they're generated internally. You could log a stack trace in those cases and look up the call stack, which might add information about why this happens. To keep output low, you would only produce the info, if the UA is empty. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Phantom Sessions
I've recently noticed phantom session objects on one of my Tomcat webapps. These sessions have no IP addresses and their sole URI request is always for /. I am not sure if this is a sign of a problem, or how to trace it--has anyone else encountered something similar? Best wishes, Paul - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Phantom Sessions
From: Paul Szynol [mailto:paul.szy...@gmail.com] On Behalf Of Paul Szynol Subject: Phantom Sessions I've recently noticed phantom session objects on one of my Tomcat webapps. Tomcat version? What are you using to observe these sessions? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Phantom Sessions
I don't have the minor version information, but it's Tomcat 6. Each session object is added to a ConcurrentHashMap when SessionListener's sessionCreated() is invoked. Best, Paul On 9/2/10 5:01 PM, Caldarale, Charles R wrote: From: Paul Szynol [mailto:paul.szy...@gmail.com] On Behalf Of Paul Szynol Subject: Phantom Sessions I've recently noticed phantom session objects on one of my Tomcat webapps. Tomcat version? What are you using to observe these sessions? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Phantom Sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul, On 9/2/2010 5:10 PM, Paul Szynol wrote: I don't have the minor version information, but it's Tomcat 6. Each session object is added to a ConcurrentHashMap when SessionListener's sessionCreated() is invoked. You likely have a default page (responds to requests for /) that is a JSP without a session=false header. That means that the session is, by default, created. That means anyone visiting your website and then wandering away -- including robots, screen-scrapers, and search indexers -- gets a session that sticks around for a long time and does nothing. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyAIB0ACgkQ9CaO5/Lv0PCJ7gCghs2t7oG73AT5AsOu9BmqhweT DI0An3/aSTrqL+btt9fBHSOZnC2kfLsy =1k2w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Phantom Sessions
Hi, Chris, Thanks for your response. I do get those requests, but it seems they always generate standard user agent information, which I then store in the associated session object. These session objects don't have any user agent information--that's why I am wondering if they're generated internally. Best, Paul On 9/2/10 6:07 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul, On 9/2/2010 5:10 PM, Paul Szynol wrote: I don't have the minor version information, but it's Tomcat 6. Each session object is added to a ConcurrentHashMap when SessionListener's sessionCreated() is invoked. You likely have a default page (responds to requests for /) that is a JSP without a session=false header. That means that the session is, by default, created. That means anyone visiting your website and then wandering away -- including robots, screen-scrapers, and search indexers -- gets a session that sticks around for a long time and does nothing. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyAIB0ACgkQ9CaO5/Lv0PCJ7gCghs2t7oG73AT5AsOu9BmqhweT DI0An3/aSTrqL+btt9fBHSOZnC2kfLsy =1k2w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Phantom Sessions
On 02/09/2010 23:20, Paul Szynol wrote: Hi, Chris, Thanks for your response. I do get those requests, but it seems they always generate standard user agent information, which I then store in the associated session object. These session objects don't have any user agent information--that's why I am wondering if they're generated internally. Not all bots are well behaved. How many are being created? p Best, Paul On 9/2/10 6:07 PM, Christopher Schultz wrote: Paul, On 9/2/2010 5:10 PM, Paul Szynol wrote: I don't have the minor version information, but it's Tomcat 6. Each session object is added to a ConcurrentHashMap when SessionListener's sessionCreated() is invoked. You likely have a default page (responds to requests for /) that is a JSP without a session=false header. That means that the session is, by default, created. That means anyone visiting your website and then wandering away -- including robots, screen-scrapers, and search indexers -- gets a session that sticks around for a long time and does nothing. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Phantom Sessions
Hey, Pid, A few a day. Seems fairly random, which would support the bot theory. But the sessions don't show up in batches, which is the behavior I typically see from bots. Paul On 9/2/10 7:27 PM, Pid wrote: On 02/09/2010 23:20, Paul Szynol wrote: Hi, Chris, Thanks for your response. I do get those requests, but it seems they always generate standard user agent information, which I then store in the associated session object. These session objects don't have any user agent information--that's why I am wondering if they're generated internally. Not all bots are well behaved. How many are being created? p Best, Paul On 9/2/10 6:07 PM, Christopher Schultz wrote: Paul, On 9/2/2010 5:10 PM, Paul Szynol wrote: I don't have the minor version information, but it's Tomcat 6. Each session object is added to a ConcurrentHashMap when SessionListener's sessionCreated() is invoked. You likely have a default page (responds to requests for /) that is a JSP without a session=false header. That means that the session is, by default, created. That means anyone visiting your website and then wandering away -- including robots, screen-scrapers, and search indexers -- gets a session that sticks around for a long time and does nothing. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org