Re: [OT] What can prevent sessions from timeouting apart from real requests
Hi, actually the issue got resolved. The system in question wasn't tomcat but jboss (hence the offtopic) and in particular undertow. Undertow seems to have completely different session expiration handling than tomcat, they actually prolong expiration timestamp every time an attribute is accessed... Thanks for the insights! Leon On Mon, Aug 27, 2018 at 9:07 AM Jäkel, Guido wrote: > Dear Leon, > > I suggest to use the Tomcat Manager Application to investigate the session > data: > > * Use the Session Display (/manager/html/sessions?path=/foo) to take a > look on the different Timers (Creation Time, Last Accessed Time, Used Time, > Inactive Timemm,TTL) or even the session data > > * Use the Connector Scoreborads on the Server Status Display > (/manager/status) to detect stuck requests. I'm not sure if a stuck request > may prevent a session cleanup (especially of "other" sessions) > > Another approach may be to snapshot a memory dump and investigate the > session objects, e.g. with the Eclipse Memory Analyze Tool (aka MAT). > > Greetings > > Guido > > >-Original Message- > >From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com] > >Sent: Friday, August 24, 2018 11:25 AM > >To: Tomcat Users List > >Subject: [OT] What can prevent sessions from timeouting apart from real > requests > > > >Hi, > > > >one of the systems we are consulting has encountered a strange problem. > The > >sessions will build up indefinitely but never expire. Then, at one point > >(at 02am in the night, 19K sessions would drop at once). > >Of course the simplest explanation would be that someone is actively > >requests something every 15 minutes (session timeout) keeping track of the > >JSESSIONID. We are trying to track this through the access_log and such. > >However, my question, is it possible to prevent session from timeouting by > >doing something stupid code-wise? Like storing a session in a hashmap > >somewhere, and accessing some attributes from time to time? My > >understanding was that the session timeout is solely dependent on incoming > >requests and handled by the container, but I was not 100% sure ;-) > > > >Thanks in advance > >Leon >
RE: [OT] What can prevent sessions from timeouting apart from real requests
Dear Leon, I suggest to use the Tomcat Manager Application to investigate the session data: * Use the Session Display (/manager/html/sessions?path=/foo) to take a look on the different Timers (Creation Time, Last Accessed Time, Used Time, Inactive Timemm,TTL) or even the session data * Use the Connector Scoreborads on the Server Status Display (/manager/status) to detect stuck requests. I'm not sure if a stuck request may prevent a session cleanup (especially of "other" sessions) Another approach may be to snapshot a memory dump and investigate the session objects, e.g. with the Eclipse Memory Analyze Tool (aka MAT). Greetings Guido >-Original Message- >From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com] >Sent: Friday, August 24, 2018 11:25 AM >To: Tomcat Users List >Subject: [OT] What can prevent sessions from timeouting apart from real >requests > >Hi, > >one of the systems we are consulting has encountered a strange problem. The >sessions will build up indefinitely but never expire. Then, at one point >(at 02am in the night, 19K sessions would drop at once). >Of course the simplest explanation would be that someone is actively >requests something every 15 minutes (session timeout) keeping track of the >JSESSIONID. We are trying to track this through the access_log and such. >However, my question, is it possible to prevent session from timeouting by >doing something stupid code-wise? Like storing a session in a hashmap >somewhere, and accessing some attributes from time to time? My >understanding was that the session timeout is solely dependent on incoming >requests and handled by the container, but I was not 100% sure ;-) > >Thanks in advance >Leon
Re: [OT] What can prevent sessions from timeouting apart from real requests
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leon, On 8/24/18 05:25, Leon Rosenberg wrote: > one of the systems we are consulting has encountered a strange > problem. The sessions will build up indefinitely but never expire. > Then, at one point (at 02am in the night, 19K sessions would drop > at once). Of course the simplest explanation would be that someone > is actively requests something every 15 minutes (session timeout) > keeping track of the JSESSIONID. We are trying to track this > through the access_log and such. However, my question, is it > possible to prevent session from timeouting by doing something > stupid code-wise? Like storing a session in a hashmap somewhere, > and accessing some attributes from time to time? My understanding > was that the session timeout is solely dependent on incoming > requests and handled by the container, but I was not 100% sure ;-) A few ideas: 1. The background thread has died. Probably not, as the sessions eventually expire... just way later than expected. Also, the background thread would not be running anymore, which I think you would have noticed. 2. Some process has blocked the background thread. For example, a very long-running HttpSessionListener.sessionDestroyed method. I'm guessing you would have already noticed a stuck background thread, though. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluDPOYACgkQHPApP6U8 pFjOJw/8CGIxOEEWKd1rk28PcErF6LPvDBQLVTECO+miQt8SoJPzuwpICnX/mPut IliUdiPTSPplb7CHr1vsMfLGrVxOo1fD7xuQ22lMVFD8B23pe6WXwTreUnzJouDw pO9rV2mhjc6x1OaE29iCyFqbCNsswANdRcLrFAkAkdDc/ZlY1tw4VrnXPKG+uaQD sJP1lei0poek5ZOvMvG87JMC8Pe7veuUSKvO1c1q+NL3MAuI/XZWTaiJ7SRSj8JW m2paNQX+9/neHZZ0mOAuAjXTqllLGnThQTNCyaqqtXtqk4TftHYp5Tz9hBhXSXh3 +gEzbPMp5m5tWXCpdrXIFqqEArDgUpWpNGijgmMhE9e+eTYvEuadA+rMIeOr4IVO CI2QQCVzZ2vOqMd9Xa/ii0gyOjjZMYUf7qxLqBxZ6NxIFnXr+MJXBGVuFe5hvsdX hcAuzkTy9rt6pgAO6O+5YUD7d6KRCjg4bHP1614bcZgsPiwNT98ECJq22FhiEDFF l8zb7svG56qWFvsIkXAGVKSC5FT8NO9XFS9soMfIxZi0GVQS9z6qRbNDoKeO6gfI e9S+Rd7a/kogTODSBsoGl1pK/5DLF1uPLyE0HLHnvfFTgnvPU0hJy94xDQ9tiAA9 iCA9EaIak3nxy/7qAONpgEghkXHplk94ObGzZ3qj3TW0x7h4uMk= =3Wbc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] What can prevent sessions from timeouting apart from real requests
Hi, one of the systems we are consulting has encountered a strange problem. The sessions will build up indefinitely but never expire. Then, at one point (at 02am in the night, 19K sessions would drop at once). Of course the simplest explanation would be that someone is actively requests something every 15 minutes (session timeout) keeping track of the JSESSIONID. We are trying to track this through the access_log and such. However, my question, is it possible to prevent session from timeouting by doing something stupid code-wise? Like storing a session in a hashmap somewhere, and accessing some attributes from time to time? My understanding was that the session timeout is solely dependent on incoming requests and handled by the container, but I was not 100% sure ;-) Thanks in advance Leon
