Re: Large number of active sessions
David Wall wrote: I hope all this 'bot' talk doesn't prevent a resolution to the bug long-standing bug regarding sessions that never terminate, long after I've been monitoring one of our public apps using Lambda Probe and we don't seem to suffer from the problem, on tc5.5.17. We have our session timeout set to 15 mins by default, which increases to 30 if the user authenticates. (We also do some server-side validation with javascript on our forms which keeps the session alive while they fill the form out.) How much of your app is in the public domain, and how much in places that bots can't get to? they should have expired. All of our web apps have a background thread that periodically terminates sessions that haven't been accessed in 24 hours, even though most of our web apps should auto-expire after 30 minutes, with the longest one being 120 minutes because users need to fill out a lengthy form. As an aside: if time is an issue with users failing to complete forms inside the session period, you could put explicit onpage notification of the period within which they must complete the form. A little Javascript would do the trick. regards, Pid David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote: I'm sorry that I didn't express myself in a clear manner. I was simply saying that the jsessionid doesn't appear when bots access pages that have sessions in them (in my case), but I'm not concerned with it as it doesn't affect anything. I worked it out after i'd had a coffee, I was just being dense. :) I think the only way to be sure what's going on would be to monitor what's being set in the response headers for bots. If there's a 'Set-Cookie' header it would explain why there's no redirect URL encoding. Whether the bot then sends the cookie back to maintain the session is a different matter of course... rgds, p -Regards Rashmi - Original Message From: Pid [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, February 8, 2007 8:46:22 AM Subject: Re: [OT]Re: Large number of active sessions Rashmi Rubdi wrote: I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absense of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity. hi rashmi, i'm not sure what you're saying; are you asking a question? -Rashmi - Original Message From: Pid [EMAIL PROTECTED] Some bots also use sessions. I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly. Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing the list of active/recent session. (A guess: I don't know enough about the internals of Tomcat to be sure of that.) p Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Yahoo! Music Unlimited Access over 1 million songs. http://music.yahoo.com/unlimited - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
Thanks for explaining, I looked at some of the access log archives where I used
the %{Cookie}i in the pattern, and for the bots it shows as -, but for
browser access it shows the cookie information.
See the _ at the end of this is the cookie information from Googlebot
127.0.0.1 - [11/Sep/2006:12:06:36 -0800] GET /index.jsp HTTP/1.1 200 13165
- Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
-
At the end of this the cookie string is from a IE 6.0 browser
127.0.0.1 - [11/Sep/2006:12:07:00 -0800] GET /index.jsp HTTP/1.1 200 6818 -
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322;
InfoPath.1) __utma=119444884.1604301826.1157946192.1157960979.1157976677.6;
__utmz=119444884.1157961053.5.5.utmccn=(organic)|utmcsr=google|utmctr=searched+key+word|utmcmd=organic
But earlier you had mentioned something about HTTP/1.1 capable agent, another
sample of the access log shows that the bots are HTTP/1.1 capable - sorry I
don't have the custom pattern used here, since I kept changing it often.
66.249.66.198 HTTP/1.1 - [31/Oct/2006:22:04:59 -0800] GET /index.jsp
HTTP/1.1 200 8622 - Mozilla/5.0 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)
74.6.75.14 HTTP/1.1 - [31/Oct/2006:22:04:44 -0800] GET /robots.txt HTTP/1.1
200 273 - Mozilla/5.0 (compatible; Yahoo! Slurp;
http://help.yahoo.com/help/us/ysearch/slurp)
64.4.8.116 HTTP/1.1 - [31/Oct/2006:17:50:19 -0800] GET /robots.txt HTTP/1.1
200 273 - msnbot/1.0 (+http://search.msn.com/msnbot.htm)
In the above cases index.jsp is using sessions, and so are almost all other JSP
pages on the web app.
So since bots are HTTP/1.1 capable that might explain why I don't see
jsessionid appended to the jsp pages in the access logs.
-Rashmi
- Original Message
From: Pid [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Friday, February 9, 2007 7:10:49 AM
Subject: Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote:
I'm sorry that I didn't express myself in a clear manner. I was simply saying
that the jsessionid doesn't appear when bots access pages that have sessions
in them (in my case), but I'm not concerned with it as it doesn't affect
anything.
I worked it out after i'd had a coffee, I was just being dense. :)
I think the only way to be sure what's going on would be to monitor
what's being set in the response headers for bots. If there's a
'Set-Cookie' header it would explain why there's no redirect URL encoding.
Whether the bot then sends the cookie back to maintain the session is a
different matter of course...
rgds,
p
-Regards
Rashmi
- Original Message
From: Pid [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Thursday, February 8, 2007 8:46:22 AM
Subject: Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote:
I agree that many have experienced the jsessionid on URLs accessed by bots,
perhaps it happens in a Struts environment or some other environment.
In certain set-ups (only JSPs, no servlets, no MVC - session is removed and
created freshly on each JSP page) the jsessionid doesn't appear on URLs
accessed by bots like Googlebot even when the JSP page uses sessions, and
that confuses me. I've verified the absense of jsession id in the URLs
accessed by Googlebot in the server logs.
This inconsistent appearance of jsessionid for certain set-ups doesn't
bother me, it's just a matter of curiosity.
hi rashmi,
i'm not sure what you're saying; are you asking a question?
-Rashmi
- Original Message
From: Pid [EMAIL PROTECTED]
Some bots also use sessions.
I disagree, the bot has no capability to decide to use a session.
A bot would only appear to use a session if it was HTTP/1.1 capable, and
was handling cookies or encoded URLs properly.
Most bots get pages asynchronously, I've observed Googlebot hitting url
encoded pages with jsessionids generated days beforehand, during a
previous index run. This will trigger a new session as a result, but
may account for apparently older creation dates appearing the list of
active/recent session.
(A guess: I don't know enough about the internals of Tomcat to be sure
of that.)
p
No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.
http://mobile.yahoo.com/mail
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote: So since bots are HTTP/1.1 capable that might explain why I don't see jsessionid appended to the jsp pages in the access logs. ...and the cookie is only recorded when the client sends it, not when the server sets it, so it doesn't appear in the log. -Rashmi - Original Message From: Pid [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, February 9, 2007 7:10:49 AM Subject: Re: [OT]Re: Large number of active sessions Rashmi Rubdi wrote: I'm sorry that I didn't express myself in a clear manner. I was simply saying that the jsessionid doesn't appear when bots access pages that have sessions in them (in my case), but I'm not concerned with it as it doesn't affect anything. I worked it out after i'd had a coffee, I was just being dense. :) I think the only way to be sure what's going on would be to monitor what's being set in the response headers for bots. If there's a 'Set-Cookie' header it would explain why there's no redirect URL encoding. Whether the bot then sends the cookie back to maintain the session is a different matter of course... rgds, p -Regards Rashmi - Original Message From: Pid [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, February 8, 2007 8:46:22 AM Subject: Re: [OT]Re: Large number of active sessions Rashmi Rubdi wrote: I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absense of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity. hi rashmi, i'm not sure what you're saying; are you asking a question? -Rashmi - Original Message From: Pid [EMAIL PROTECTED] Some bots also use sessions. I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly. Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing the list of active/recent session. (A guess: I don't know enough about the internals of Tomcat to be sure of that.) p No need to miss a message. Get email on-the-go with Yahoo! Mail for Mobile. Get started. http://mobile.yahoo.com/mail - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
I hope all this 'bot' talk doesn't prevent a resolution to the bug long-standing bug regarding sessions that never terminate, long after they should have expired. All of our web apps have a background thread that periodically terminates sessions that haven't been accessed in 24 hours, even though most of our web apps should auto-expire after 30 minutes, with the longest one being 120 minutes because users need to fill out a lengthy form. David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
This message has been marked as Off-Topic with [OT] , so that it doesn't stand in the way of the main thread. Here's where one can report a bug : http://tomcat.apache.org/bugreport.html (unless it hasn't been reported already). -Rashmi - Original Message From: David Wall [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, February 9, 2007 1:00:02 PM Subject: Re: [OT]Re: Large number of active sessions I hope all this 'bot' talk doesn't prevent a resolution to the bug long-standing bug regarding sessions that never terminate, long after they should have expired. All of our web apps have a background thread that periodically terminates sessions that haven't been accessed in 24 hours, even though most of our web apps should auto-expire after 30 minutes, with the longest one being 120 minutes because users need to fill out a lengthy form. David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Need Mail bonding? Go to the Yahoo! Mail QA for great tips from Yahoo! Answers users. http://answers.yahoo.com/dir/?link=listsid=396546091 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote: I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absense of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity. hi rashmi, i'm not sure what you're saying; are you asking a question? -Rashmi - Original Message From: Pid [EMAIL PROTECTED] Some bots also use sessions. I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly. Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing the list of active/recent session. (A guess: I don't know enough about the internals of Tomcat to be sure of that.) p Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
Rashmi Rubdi wrote: Google Analytics is Javascript based, it won't show bot activity. I concur. Further, if you've configured a new style xml sitemap with say hourly update instructions then bots will be crawling all over your site with much greater regularity. Analytics the javascript type logging tools are only useful for tracking human use - you'll need to monitor your server logs to get real traffic figures. Some bots also use sessions. I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly. Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing the list of active/recent session. (A guess: I don't know enough about the internals of Tomcat to be sure of that.) p - Original Message From: Christer Nordvik [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org; [EMAIL PROTECTED] Sent: Tuesday, February 6, 2007 3:46:12 PM Subject: Re: Large number of active sessions 1. Sure. But I have only 100 users. 2. Users: Google Analytics. Sessions: Tomcat manager 3. 5.5.17 4. Yes Guess I have to go the long way of creating my own session listener then, Had hoped there was an easy solution for this. 13000 sessions must indicate that something is very very wrong? I've never had more than 300 visitors according to Google Analytics... -Christer On 2/6/07, Pid [EMAIL PROTECTED] wrote: 1) Lower your session timeout. 2) How are you measuring/calculating statistics? 3) Which version of Tomcat? 4) Are you url encoding all of your links? Christer Nordvik wrote: Hi! I've got a website with pretty low traffic (200 visitors a day). Lately it's been very slow and when I look in Tomcat's manager it says that it has a lot of sessions. Once I had 13000(!) active sessions. The session timeout is set to 30 minutes. How can this happen? Isn't this something that Tomcat should handle itself? Can it be related to my code somehow? I have only basic JSP/Servlet stuff so nothing fancy going on. Any help would be very appreciated! -Christer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT]Re: Large number of active sessions
I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absense of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity. -Rashmi - Original Message From: Pid [EMAIL PROTECTED] Some bots also use sessions. I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly. Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing the list of active/recent session. (A guess: I don't know enough about the internals of Tomcat to be sure of that.) p Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
1) Lower your session timeout. 2) How are you measuring/calculating statistics? 3) Which version of Tomcat? 4) Are you url encoding all of your links? Christer Nordvik wrote: Hi! I've got a website with pretty low traffic (200 visitors a day). Lately it's been very slow and when I look in Tomcat's manager it says that it has a lot of sessions. Once I had 13000(!) active sessions. The session timeout is set to 30 minutes. How can this happen? Isn't this something that Tomcat should handle itself? Can it be related to my code somehow? I have only basic JSP/Servlet stuff so nothing fancy going on. Any help would be very appreciated! -Christer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
It seems that Tomcat 5.5.17 (and earlier) has had some sort of problem in timing out sessions. I'm not sure if it would clean itself up if the person really came back and did another HTTP transaction or not, but I've noted that Tomcat Manager will show sessions that are have been idle much longer than the session timeout value (based on the last access timestamp in the session). Our application also has a registered listener HttpSessionListener and we've seen that these old sessions do not trigger that callback either as we also list the session as active. As for suggestion (1), this won't matter and 30 minutes is the default. As for suggestion (4), this could clearly create extra sessions for those few who don't allow session cookies, but even those sessions should time out. David Pid wrote: 1) Lower your session timeout. 2) How are you measuring/calculating statistics? 3) Which version of Tomcat? 4) Are you url encoding all of your links? Christer Nordvik wrote: Hi! I've got a website with pretty low traffic (200 visitors a day). Lately it's been very slow and when I look in Tomcat's manager it says that it has a lot of sessions. Once I had 13000(!) active sessions. The session timeout is set to 30 minutes. How can this happen? Isn't this something that Tomcat should handle itself? Can it be related to my code somehow? I have only basic JSP/Servlet stuff so nothing fancy going on. Any help would be very appreciated! -Christer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
You can also activate server logs to log both visitor and bot activity by configuring AccessLogValve : http://tomcat.apache.org/tomcat-5.0-doc/config/valve.html . Some bots take up a lot of sessions, you can verfiy this by running a program like Xenu Link Sleuth on your site. Then, you will be able to block certain bots by IP address or User Agent string. -Rashmi - Original Message From: David Wall [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, February 6, 2007 1:54:52 PM Subject: Re: Large number of active sessions It seems that Tomcat 5.5.17 (and earlier) has had some sort of problem in timing out sessions. I'm not sure if it would clean itself up if the person really came back and did another HTTP transaction or not, but I've noted that Tomcat Manager will show sessions that are have been idle much longer than the session timeout value (based on the last access timestamp in the session). Our application also has a registered listener HttpSessionListener and we've seen that these old sessions do not trigger that callback either as we also list the session as active. As for suggestion (1), this won't matter and 30 minutes is the default. As for suggestion (4), this could clearly create extra sessions for those few who don't allow session cookies, but even those sessions should time out. David Pid wrote: 1) Lower your session timeout. 2) How are you measuring/calculating statistics? 3) Which version of Tomcat? 4) Are you url encoding all of your links? Christer Nordvik wrote: Hi! I've got a website with pretty low traffic (200 visitors a day). Lately it's been very slow and when I look in Tomcat's manager it says that it has a lot of sessions. Once I had 13000(!) active sessions. The session timeout is set to 30 minutes. How can this happen? Isn't this something that Tomcat should handle itself? Can it be related to my code somehow? I have only basic JSP/Servlet stuff so nothing fancy going on. Any help would be very appreciated! -Christer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Don't get soaked. Take a quick peak at the forecast with the Yahoo! Search weather shortcut. http://tools.search.yahoo.com/shortcuts/#loc_weather - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
David Wall wrote: It seems that Tomcat 5.5.17 (and earlier) has had some sort of problem in timing out sessions. I'm not sure if it would clean itself up if the person really came back and did another HTTP transaction or not, but I've noted that Tomcat Manager will show sessions that are have been idle much longer than the session timeout value (based on the last access timestamp in the session). Our application also has a registered listener HttpSessionListener and we've seen that these old sessions do not trigger that callback either as we also list the session as active. As for suggestion (1), this won't matter and 30 minutes is the default. ... As for suggestion (4), this could clearly create extra sessions for those few who don't allow session cookies, but even those sessions should time out. If the OP is using a javascript based logging tool he may be not counting the bot traffic he gets, which could account for larger numbers of sessions than expected... David Pid wrote: 1) Lower your session timeout. 2) How are you measuring/calculating statistics? 3) Which version of Tomcat? 4) Are you url encoding all of your links? Christer Nordvik wrote: Hi! I've got a website with pretty low traffic (200 visitors a day). Lately it's been very slow and when I look in Tomcat's manager it says that it has a lot of sessions. Once I had 13000(!) active sessions. The session timeout is set to 30 minutes. How can this happen? Isn't this something that Tomcat should handle itself? Can it be related to my code somehow? I have only basic JSP/Servlet stuff so nothing fancy going on. Any help would be very appreciated! -Christer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Wall wrote: It seems that Tomcat 5.5.17 (and earlier) has had some sort of problem in timing out sessions. I think it's still in 5.5.20, if this is the one you're talking about: http://issues.apache.org/bugzilla/show_bug.cgi?id=37356 I don't think this would be triggered, though, unless you had heavy load on the sessions themselves. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFyNZQ9CaO5/Lv0PARArFfAJ9VroFKttkvzrWyVqH5nSSozEvywACfe6y7 RQ3q7XCoN5TU8nldQbyna9w= =Mf7m -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
1. Sure. But I have only 100 users. 2. Users: Google Analytics. Sessions: Tomcat manager 3. 5.5.17 4. Yes Guess I have to go the long way of creating my own session listener then, Had hoped there was an easy solution for this. 13000 sessions must indicate that something is very very wrong? I've never had more than 300 visitors according to Google Analytics... -Christer On 2/6/07, Pid [EMAIL PROTECTED] wrote: 1) Lower your session timeout. 2) How are you measuring/calculating statistics? 3) Which version of Tomcat? 4) Are you url encoding all of your links? Christer Nordvik wrote: Hi! I've got a website with pretty low traffic (200 visitors a day). Lately it's been very slow and when I look in Tomcat's manager it says that it has a lot of sessions. Once I had 13000(!) active sessions. The session timeout is set to 30 minutes. How can this happen? Isn't this something that Tomcat should handle itself? Can it be related to my code somehow? I have only basic JSP/Servlet stuff so nothing fancy going on. Any help would be very appreciated! -Christer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Large number of active sessions
I have the same problem. Java 1.5_08, Tomcat 5.5.20. Issue also happened with JDK 1.4.2 and Tomcat 5.5.12 Our session timeout is set to 20 minutes and most of the time it works fine. At any given moment we have around 2000 active sessions, and we get around 10 that won't timeout every hour. We monitor the application with Lambda Probe (formerly tomcat probe). We can see dozens of sessions with an idle time 20 minutes and an 'expiry time' that's quite a while in the past. Lambda probe allows us to manually expire the overdue sessions; but it's something we have to do daily or our memory consumption grows unbounded as the sessions never die. What was the issue from 5.5.17 and how might I fix it? Is occasional session expiration failure a known issue? Any help or direction is greatly appreciated. -- John Hayward
