Re: Tomcat 8 Session Timeout

2015-09-08 Thread Theo . Sweeny
Hi Chris - I added this value to the Engine container - 

backgroundProcessorDelay="20"

This has made a big improvement  - there is much more frequent clear down 
of the sessions.

Is there a config setting for maximum session age?

The reason for asking is that in a REST stateless environment the concept 
is to tear down after each request is served. However - this may have 
performance implications for Tomcat. Are there any best practices papers / 
pointers for stateless setup?

Theo




From:   Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>, 
Date:   04/09/2015 18:39
Subject:    Re: Tomcat 8 Session Timeout



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the container ensures the default behavior of sessions is never to
> time out."
> 
> Currently the timeout value is set to 2 minutes.
> 
> However the problem is persisting - the environment is using
> Jersery Servlet 1.3 for REST.
> 
> If we look inside web service stats -
> 
> Longest session alive time: 183 s / Processing time: 625 ms Longest
> session alive time: 207 s / Processing time: 232 ms
> 
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?

Remember that the session timeout is not session age. If you have a
process which is touching the session more often than every 2 minutes
or so, then the session will live indefinitely.

Is the background processing thread still running? If it dies, your
sessions will never time out. Also, the background processing thread
is the thread that reaps old sessions... if you have the background
processor thread set to run infrequently, you'll see the behavior you
describe.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV6dciAAoJEBzwKT+lPKRYyogP+wfP5lNV8SxFTNDmiwLYxG/9
GnUxSQN8rQmWI6r1pl4UpWU+WFoUtL2BCTfnUuH2qP6Pg0KWn46P4Lon5XnThEqk
4mnHNCe4NYdGlw4rvVYgdy4zTP62hFvSm3ECb/QkZ1gcO1f8w4+0wqZh5k1g+0PQ
HkOg9SYSHRAUUKtG2YBPZWbEMnjKnkQKeKO3WjNBDLTbEU9mMyyJgZCsJCC4fmZa
sJN8yFW7JcG0jhhsEoBzYznT1dLxNliNs9kMiINoS1wWmIjHLHnHvaTDqDCE4Npd
VQh/ZrI7paRdVI4wOJ299CuZ4cpB9lxWEKi4vQAP5Jg/EgZrACrmZFnPMJG5np/v
lR2g+KCNxIvIpIlaGLbUOn4Ah0QMrfPEDFsLXHlYjfixdIrDjugbqdNnVYRvSOSt
LsR+xZcPOJ/ZiJCnD+2MK8dy8QYgq62oW8xpvald58x/gUk/uR8IuwdvswTIUVTV
+5k2YUcL+xcH1uEKHyMK3KCjty8aC+Rq+oEpkJjyFKJA1K0x161PIAdFq8P50VLn
rcJUjxTIcMP7hgg3BCQzdXH5qucVnFTlHNwKrX4MoT9LsGiraTOqhRt5EJLWBy+/
oYg3k/Vgkm2HzmRBuMGydv8RMNCq2hZaEXWDKoMtWRRvmYTOKcNC4nUiE/V8Dbr0
KaYwkgTvycLJzzohkMIn
=9riB
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
The Mileage Company Limited is a limited company registered in England under 
company number 2260073 whose registered office address is at
Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify the 
system manager.

This footnote also confirms that this email message has been swept by Mimecast 
for the presence of computer viruses. 
-


Re: Tomcat 8 Session Timeout

2015-09-04 Thread Theo . Sweeny
Hi Chris - the servlet spec states "If the time out is 0 or less, the 
container ensures the default behavior of sessions is never to time out."

Currently the timeout value is set to 2 minutes.

However the problem is persisting - the environment is using Jersery 
Servlet 1.3 for REST.

If we look inside web service stats -

Longest session alive time: 183 s / Processing time: 625 ms
Longest session alive time: 207 s / Processing time: 232 ms

The current session timeout is set to 120 seconds, so neither of these 
above session times make any sense, unless a dependency is hanging?

Theo



From:   Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>, 
Date:   03/09/2015 16:43
Subject:    Re: Tomcat 8 Session Timeout



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
> 
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply the same as -1,
> that sessions will not timeout?
> 
>  0 
> 

What does the servlet specification say about the values used there?
Hint: your assumptions are already wrong.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV6GptAAoJEBzwKT+lPKRYNC4P/0cuUR+RAyAHmWXcaQXIExai
VgACUHVxqajMxaBPwVjfap/DRH25COmqzvMo2Bj8KtviL3wIRR5CDxySUObVx14A
4skSKdO8L0MvYaSmx2GDFRNTQkRKRe2EoNivbuCwuT06W0dKr1V2gPXyqp2f9Hm8
GIOOiToU43MONBR2n0IM+F/UvbFxaHVLJoWEIXZ3PoGIcVk6scmGVrS8fp6BvXmw
xIWa0VWZuVTnJ0E32vVEuWNBnNSdwpnvQyR4dz5r+Ty/OATNeeYi9JiloBGlKPg0
j02bR8to+vZokGgRz+A1qxQZdmGFHxbsxgrWFNGRJz4MVuBT1kimBs4mq6yDWCg4
kC/lBEO/8QWGag2zuNW1s1oCI0jskEqTWd+PipNYAQSv/GGu7Tvpa5N6CUriePmH
3se/rJdiNlcI0S4AVJpnJ3d8kaxzOltlImP8VgBG5ep2FJH5kZ2biTtQRiHxXjUI
FCw+hR5mNKauTGiUKfwc4BVswD0QMa3ncDONtKmOcyirpEZDEapTk5Un1bKZ7pso
ZrmhcdhLO8BuK0EKyK4IoTiysyA43CJ+4Uu7MK8X8weJR74FyTKGBmg/5OqAypk+
QSc1BcEDv9JMH7tPI1Fcb412jGc0B9y/zMdQDcpSXp9Aw4CKl9bhJXY60GnjcxOH
LgyxvMq/UZnoYRAFGRxX
=//Bk
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
The Mileage Company Limited is a limited company registered in England under 
company number 2260073 whose registered office address is at
Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify the 
system manager.

This footnote also confirms that this email message has been swept by Mimecast 
for the presence of computer viruses. 
-


Re: Tomcat 8 Session Timeout

2015-09-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the container ensures the default behavior of sessions is never to
> time out."
> 
> Currently the timeout value is set to 2 minutes.
> 
> However the problem is persisting - the environment is using
> Jersery Servlet 1.3 for REST.
> 
> If we look inside web service stats -
> 
> Longest session alive time: 183 s / Processing time: 625 ms Longest
> session alive time: 207 s / Processing time: 232 ms
> 
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?

Remember that the session timeout is not session age. If you have a
process which is touching the session more often than every 2 minutes
or so, then the session will live indefinitely.

Is the background processing thread still running? If it dies, your
sessions will never time out. Also, the background processing thread
is the thread that reaps old sessions... if you have the background
processor thread set to run infrequently, you'll see the behavior you
describe.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV6dciAAoJEBzwKT+lPKRYyogP+wfP5lNV8SxFTNDmiwLYxG/9
GnUxSQN8rQmWI6r1pl4UpWU+WFoUtL2BCTfnUuH2qP6Pg0KWn46P4Lon5XnThEqk
4mnHNCe4NYdGlw4rvVYgdy4zTP62hFvSm3ECb/QkZ1gcO1f8w4+0wqZh5k1g+0PQ
HkOg9SYSHRAUUKtG2YBPZWbEMnjKnkQKeKO3WjNBDLTbEU9mMyyJgZCsJCC4fmZa
sJN8yFW7JcG0jhhsEoBzYznT1dLxNliNs9kMiINoS1wWmIjHLHnHvaTDqDCE4Npd
VQh/ZrI7paRdVI4wOJ299CuZ4cpB9lxWEKi4vQAP5Jg/EgZrACrmZFnPMJG5np/v
lR2g+KCNxIvIpIlaGLbUOn4Ah0QMrfPEDFsLXHlYjfixdIrDjugbqdNnVYRvSOSt
LsR+xZcPOJ/ZiJCnD+2MK8dy8QYgq62oW8xpvald58x/gUk/uR8IuwdvswTIUVTV
+5k2YUcL+xcH1uEKHyMK3KCjty8aC+Rq+oEpkJjyFKJA1K0x161PIAdFq8P50VLn
rcJUjxTIcMP7hgg3BCQzdXH5qucVnFTlHNwKrX4MoT9LsGiraTOqhRt5EJLWBy+/
oYg3k/Vgkm2HzmRBuMGydv8RMNCq2hZaEXWDKoMtWRRvmYTOKcNC4nUiE/V8Dbr0
KaYwkgTvycLJzzohkMIn
=9riB
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8 Session Timeout

2015-09-03 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
> 
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply the same as -1,
> that sessions will not timeout?
> 
>  0 
> 

What does the servlet specification say about the values used there?
Hint: your assumptions are already wrong.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV6GptAAoJEBzwKT+lPKRYNC4P/0cuUR+RAyAHmWXcaQXIExai
VgACUHVxqajMxaBPwVjfap/DRH25COmqzvMo2Bj8KtviL3wIRR5CDxySUObVx14A
4skSKdO8L0MvYaSmx2GDFRNTQkRKRe2EoNivbuCwuT06W0dKr1V2gPXyqp2f9Hm8
GIOOiToU43MONBR2n0IM+F/UvbFxaHVLJoWEIXZ3PoGIcVk6scmGVrS8fp6BvXmw
xIWa0VWZuVTnJ0E32vVEuWNBnNSdwpnvQyR4dz5r+Ty/OATNeeYi9JiloBGlKPg0
j02bR8to+vZokGgRz+A1qxQZdmGFHxbsxgrWFNGRJz4MVuBT1kimBs4mq6yDWCg4
kC/lBEO/8QWGag2zuNW1s1oCI0jskEqTWd+PipNYAQSv/GGu7Tvpa5N6CUriePmH
3se/rJdiNlcI0S4AVJpnJ3d8kaxzOltlImP8VgBG5ep2FJH5kZ2biTtQRiHxXjUI
FCw+hR5mNKauTGiUKfwc4BVswD0QMa3ncDONtKmOcyirpEZDEapTk5Un1bKZ7pso
ZrmhcdhLO8BuK0EKyK4IoTiysyA43CJ+4Uu7MK8X8weJR74FyTKGBmg/5OqAypk+
QSc1BcEDv9JMH7tPI1Fcb412jGc0B9y/zMdQDcpSXp9Aw4CKl9bhJXY60GnjcxOH
LgyxvMq/UZnoYRAFGRxX
=//Bk
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8 Session Timeout

2015-09-03 Thread Theo . Sweeny
Thanks Chris - that pointer is very helpful.

Can you clarify by setting session-timeout to 0, implies after 60 seconds 
the session will expire or does it imply the same as -1, that sessions 
will not timeout?


0


Theo



From:   Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>, 
Date:   01/09/2015 17:23
Subject:    Re: Tomcat 8 Session Timeout



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 9/1/15 4:29 AM, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide  as seen here -
> 
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Ses
sions
>
>  It mentions that it's possible to expire sessions for each
> individual app using a command similar to -
> 
> curl -X GET 
> http://username:password@localhost:8080/manager/text/expire?path=/exam
ples=0
>
>  Do you know if a wildcard can be used for the app name?

You can't.

If you want to script it, you can write some code to pull the list of
sessions and then interrogate them for various things. I'm not sure
what the manager application's interface is willing to cough-up, but
if you use JMX (either directly or via the manager's JMXProxyServlet),
you can list the sessions, look at their attributes, and expire them
using whatever criteria you want.

Check out slide 40 in this presentation from ApacheCon NA 2015:
http://events.linuxfoundation.org/sites/events/files/slides/Monitoring%2
0Apache%20Tomcat%20with%20JMX_0.pdf

This trick requires that you have an attribute in the session called
"user" that has the user's username in the toString() output. It's
just an example, but you can see how you can grab sessions and do
things with them.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV5dDTAAoJEBzwKT+lPKRYRIUQAIuCucb4uj6o9uyr6CD/N+Yh
9NDAedOdxygaR14+uy8vHPB/V60O65bURSArFt65oNIB0U0YIA5A7/dpp+8NNWLE
O31mJu9GPLb5X1RdArRV8esiI23QRkZWNtEuNPn1pVcVwMMmfym+NzX1N1Ng9Sdu
Tkkom3GKf4MXujl4UqqiGEgy1nnSvmRUUoRAdGRsEWamz5GgfjFT6TIhmy+RBDxy
Doh4iRxDNO9g0yMHL/SWxOssEh+unJCcFKEJEo2nsRkh4MjsOkmVlyzWHiXkC/IZ
P+815UQjxgwPX+xQq2U3ptghj+SS3MJGKm2HuihF/ia+0xT7+0V0l1Oo8+H7y4Br
4Jf9FO9hfan9W0pnqi9U0tg3Ojthl8m1Q9nucU+v6CbGYUU5RExqaJBATU46wuda
PvDCP8MkVmYGGPNnUDDi9RIw9dggKC/FPm//iLLSBeHKZMfN1PXBViQOZVbj3X84
Dc1RU7c7F1OfuXCcAb2koQJjDGmgxr7KF8mPtNdzq+dSUeVDn1L2JZziXJ6MICVp
xrlslFSZ7iCUgpuc1+/FX99jG+CvxBj4v+LDgMlw1VEkqxeqg7V5HO5T4KhdHXZ2
IjjlUMsEUtsmIrF00EXyW/gXGyl15Nzn6ULEPFwnm4nUf0vEUVoWyjdBsXWaAo5O
N8okIJvNcDxwaQWBWm7w
=epgx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
The Mileage Company Limited is a limited company registered in England under 
company number 2260073 whose registered office address is at
Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify the 
system manager.

This footnote also confirms that this email message has been swept by Mimecast 
for the presence of computer viruses. 
-


Re: Tomcat 8 Session Timeout

2015-09-01 Thread Theo . Sweeny
Hi Chris,

That's pretty much it (except the path for the app's web.xml looks a
little odd).

We are running multi-instance environment and this is why the path is 
$CATALINA_BASE/conf/web.xml

Are the web services specifying their own session-timeout in the
application-specific web.xml?

No the web-apps are not specifying their own session-timeout. We want to 
run with a stateless environment. Eventually the session-timeout will be 
brought down to 0, but the current setting for 2 minutes doesn't work. The 
sessions do not timeout.

Theo




From:   Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>, 
Date:   28/08/2015 19:09
Subject:    Re: Tomcat 8 Session Timeout



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 8/28/15 12:08 PM, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
>  seconds, in $CATALINA_BASE/conf/web.xml
> 
>  2 
> 

I'd highly recommend that you move that configuration from
conf/web.xml to your own web application's web.xml.

> However this is not being honoured by the web services, where many
> session are lasting longer.
> 
>> From what I understand - the order for session timeouts is -
> 
> HttpSession.setMaxInactiveInterval(int) 
> $WebApplication/webapp/WEB-INF/web.xml $TOMCAT_BASE/conf/web.xml
> 
> Is there something that I'm missing?

That's pretty much it (except the path for the app's web.xml looks a
little odd).

Are the web services specifying their own session-timeout in the
application-specific web.xml?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV4KO3AAoJEBzwKT+lPKRYh8cQALjjzZ4glyywX4HrTpfAOtEJ
Ck1LC/S82MgNfCfS1dOx8fUpuER6ZSJ+fkALjAMjAr5MmQX+/Z2nODvj/XWDLkRj
6Hyp/F+rEnExt4bS6idWz32hPtzDqxA4Ffxy9oCROihXXdvA0qGn6xGfKwtUaBH2
rviw3au4uD2W3iPffszUj3VnGQnWhK3QFQpFCLkpVu1lF/EiqBCL3XHIY+6cDzBO
fpGWiFrk+9RSuP/uN3LEGzdZNvuHNiNu5OrlvBq9P8Q1zwya6fcuPGu0NvFD7ESl
o0pCmcie9NUFXN1R0/RtT8uw7ZVELWrPx5C6zLR1tbwodMnarlQMazAdQFDDtiVK
DLPjpKF0bPqAP3ORUzRAu3IfSaXhtgE77byAB8DLnPJjpKeyWEp4tCDP1CmI6NI1
5dVQmt5CJAo5pP5YAMM38GsJyY5NoQ2NI61tPJ/NFTJkV0pyCGlufiRMp6ySMvBP
zY8CjhNEjhfEV35RB1hYzawhZ3hgV3oq78HLGLZ15eaYiBTBHyHyKgdbitRfawIP
ICdvpuElYDPNKFI2SfSb3qQc64sm+kqN6B1DNWMALAWISNENB0ahu6D4a9UJTr0R
FgFRCdpkkV8/3FfpoSpu2kzzBubYMA7XpMyuk9HWlABJvT99AJCwPeA2C5falShv
j5HCHDLxsn1LzK8hl9mK
=3HRA
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
The Mileage Company Limited is a limited company registered in England under 
company number 2260073 whose registered office address is at
Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify the 
system manager.

This footnote also confirms that this email message has been swept by Mimecast 
for the presence of computer viruses. 
-


Re: Tomcat 8 Session Timeout

2015-09-01 Thread Mark Thomas
On 01/09/2015 08:53, theo.swe...@avios.com wrote:
> Hi Mark 
> 
> Tomcat version?
> 
> v8.0.21

OK. Fairly recent and no known issues. I'll add session expiration is
testing as part of the 'unit' tests we run after every commit and I
don't ever remember it failing. The same tests are also run before every
release and must pass on multiple platforms before the release is started.

> The usual causes are:
>  - something unexpected accessing the session
>  - the background processing thread is crashed / busy doing something
>else
> 
> Is there a command line mechanism to gracefully terminate sessions?

No, but you can use the Manager app to view session contents and expire
the sessions.

Mark

> 
> Theo
> 
> 
> 
> 
> From:   Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>, 
> Date:   28/08/2015 19:13
> Subject:Re: Tomcat 8 Session Timeout
> 
> 
> 
> On 28/08/2015 12:08, theo.swe...@avios.com wrote:
>> Hello - currently HTTP sessions are configured to timeout after 120 
>> seconds, in $CATALINA_BASE/conf/web.xml
>>
>>
>> 2
>> 
>>
>> However this is not being honoured by the web services, where many 
> session 
>> are lasting longer.
>>
>> From what I understand - the order for session timeouts is - 
>>
>> HttpSession.setMaxInactiveInterval(int) 
>> $WebApplication/webapp/WEB-INF/web.xml 
>> $TOMCAT_BASE/conf/web.xml
>>
>> Is there something that I'm missing?
> 
> Tomcat version?
> 
> The usual causes are:
>  - something unexpected accessing the session
>  - the background processing thread is crashed / busy doing something
>else
> 
> Mark
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> -
> The Mileage Company Limited is a limited company registered in England under 
> company number 2260073 whose registered office address is at
> Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.
> 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify the 
> system manager.
> 
> This footnote also confirms that this email message has been swept by 
> Mimecast for the presence of computer viruses. 
> -
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8 Session Timeout

2015-09-01 Thread Theo . Sweeny
Hi Mark 

Tomcat version?

v8.0.21

The usual causes are:
 - something unexpected accessing the session
 - the background processing thread is crashed / busy doing something
   else

Is there a command line mechanism to gracefully terminate sessions?

Theo




From:   Mark Thomas <ma...@apache.org>
To: Tomcat Users List <users@tomcat.apache.org>, 
Date:   28/08/2015 19:13
Subject:    Re: Tomcat 8 Session Timeout



On 28/08/2015 12:08, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120 
> seconds, in $CATALINA_BASE/conf/web.xml
> 
>
> 2
> 
> 
> However this is not being honoured by the web services, where many 
session 
> are lasting longer.
> 
> From what I understand - the order for session timeouts is - 
> 
> HttpSession.setMaxInactiveInterval(int) 
> $WebApplication/webapp/WEB-INF/web.xml 
> $TOMCAT_BASE/conf/web.xml
> 
> Is there something that I'm missing?

Tomcat version?

The usual causes are:
 - something unexpected accessing the session
 - the background processing thread is crashed / busy doing something
   else

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
The Mileage Company Limited is a limited company registered in England under 
company number 2260073 whose registered office address is at
Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify the 
system manager.

This footnote also confirms that this email message has been swept by Mimecast 
for the presence of computer viruses. 
-


Re: Tomcat 8 Session Timeout

2015-09-01 Thread Theo . Sweeny
Mark - I took a look at the Manager How To Guide  as seen here - 

https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Sessions

It mentions that it's possible to expire sessions for each individual app 
using a command similar to - 

curl -X GET 
http://username:password@localhost:8080/manager/text/expire?path=/examples=0

Do you know if a wildcard can be used for the app name? 

Theo




From:   Mark Thomas <ma...@apache.org>
To: Tomcat Users List <users@tomcat.apache.org>, 
Date:   01/09/2015 09:02
Subject:    Re: Tomcat 8 Session Timeout



On 01/09/2015 08:53, theo.swe...@avios.com wrote:
> Hi Mark 
> 
> Tomcat version?
> 
> v8.0.21

OK. Fairly recent and no known issues. I'll add session expiration is
testing as part of the 'unit' tests we run after every commit and I
don't ever remember it failing. The same tests are also run before every
release and must pass on multiple platforms before the release is started.

> The usual causes are:
>  - something unexpected accessing the session
>  - the background processing thread is crashed / busy doing something
>else
> 
> Is there a command line mechanism to gracefully terminate sessions?

No, but you can use the Manager app to view session contents and expire
the sessions.

Mark

> 
> Theo
> 
> 
> 
> 
> From:   Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>, 
> Date:   28/08/2015 19:13
> Subject:Re: Tomcat 8 Session Timeout
> 
> 
> 
> On 28/08/2015 12:08, theo.swe...@avios.com wrote:
>> Hello - currently HTTP sessions are configured to timeout after 120 
>> seconds, in $CATALINA_BASE/conf/web.xml
>>
>>
>> 2
>> 
>>
>> However this is not being honoured by the web services, where many 
> session 
>> are lasting longer.
>>
>> From what I understand - the order for session timeouts is - 
>>
>> HttpSession.setMaxInactiveInterval(int) 
>> $WebApplication/webapp/WEB-INF/web.xml 
>> $TOMCAT_BASE/conf/web.xml
>>
>> Is there something that I'm missing?
> 
> Tomcat version?
> 
> The usual causes are:
>  - something unexpected accessing the session
>  - the background processing thread is crashed / busy doing something
>else
> 
> Mark
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
-
> The Mileage Company Limited is a limited company registered in England 
under company number 2260073 whose registered office address is at
> Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.
> 
> This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify 
the system manager.
> 
> This footnote also confirms that this email message has been swept by 
Mimecast for the presence of computer viruses. 
> 
-
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
The Mileage Company Limited is a limited company registered in England under 
company number 2260073 whose registered office address is at
Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify the 
system manager.

This footnote also confirms that this email message has been swept by Mimecast 
for the presence of computer viruses. 
-


Re: Tomcat 8 Session Timeout

2015-09-01 Thread Mark Thomas
On 01/09/2015 09:29, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide  as seen here - 
> 
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Sessions
> 
> It mentions that it's possible to expire sessions for each individual app 
> using a command similar to - 
> 
> curl -X GET 
> http://username:password@localhost:8080/manager/text/expire?path=/examples=0
> 
> Do you know if a wildcard can be used for the app name?

Sorry, it won't.

Mark


> 
> Theo
> 
> 
> 
> 
> From:   Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>, 
> Date:   01/09/2015 09:02
> Subject:Re: Tomcat 8 Session Timeout
> 
> 
> 
> On 01/09/2015 08:53, theo.swe...@avios.com wrote:
>> Hi Mark 
>>
>> Tomcat version?
>>
>> v8.0.21
> 
> OK. Fairly recent and no known issues. I'll add session expiration is
> testing as part of the 'unit' tests we run after every commit and I
> don't ever remember it failing. The same tests are also run before every
> release and must pass on multiple platforms before the release is started.
> 
>> The usual causes are:
>>  - something unexpected accessing the session
>>  - the background processing thread is crashed / busy doing something
>>else
>>
>> Is there a command line mechanism to gracefully terminate sessions?
> 
> No, but you can use the Manager app to view session contents and expire
> the sessions.
> 
> Mark
> 
>>
>> Theo
>>
>>
>>
>>
>> From:   Mark Thomas <ma...@apache.org>
>> To: Tomcat Users List <users@tomcat.apache.org>, 
>> Date:   28/08/2015 19:13
>> Subject:Re: Tomcat 8 Session Timeout
>>
>>
>>
>> On 28/08/2015 12:08, theo.swe...@avios.com wrote:
>>> Hello - currently HTTP sessions are configured to timeout after 120 
>>> seconds, in $CATALINA_BASE/conf/web.xml
>>>
>>>
>>> 2
>>> 
>>>
>>> However this is not being honoured by the web services, where many 
>> session 
>>> are lasting longer.
>>>
>>> From what I understand - the order for session timeouts is - 
>>>
>>> HttpSession.setMaxInactiveInterval(int) 
>>> $WebApplication/webapp/WEB-INF/web.xml 
>>> $TOMCAT_BASE/conf/web.xml
>>>
>>> Is there something that I'm missing?
>>
>> Tomcat version?
>>
>> The usual causes are:
>>  - something unexpected accessing the session
>>  - the background processing thread is crashed / busy doing something
>>else
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> -
>> The Mileage Company Limited is a limited company registered in England 
> under company number 2260073 whose registered office address is at
>> Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.
>>
>> This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify 
> the system manager.
>>
>> This footnote also confirms that this email message has been swept by 
> Mimecast for the presence of computer viruses. 
>>
> -
>>
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> -
> The Mileage Company Limited is a limited company registered in England under 
> company number 2260073 whose registered office address is at
> Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.
> 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify the 
> system manager.
> 
> This footnote also confirms that this email message has been swept by 
> Mimecast for the presence of computer viruses. 
> -
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8 Session Timeout

2015-09-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 9/1/15 4:29 AM, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide  as seen here -
> 
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Ses
sions
>
>  It mentions that it's possible to expire sessions for each
> individual app using a command similar to -
> 
> curl -X GET 
> http://username:password@localhost:8080/manager/text/expire?path=/exam
ples=0
>
>  Do you know if a wildcard can be used for the app name?

You can't.

If you want to script it, you can write some code to pull the list of
sessions and then interrogate them for various things. I'm not sure
what the manager application's interface is willing to cough-up, but
if you use JMX (either directly or via the manager's JMXProxyServlet),
you can list the sessions, look at their attributes, and expire them
using whatever criteria you want.

Check out slide 40 in this presentation from ApacheCon NA 2015:
http://events.linuxfoundation.org/sites/events/files/slides/Monitoring%2
0Apache%20Tomcat%20with%20JMX_0.pdf

This trick requires that you have an attribute in the session called
"user" that has the user's username in the toString() output. It's
just an example, but you can see how you can grab sessions and do
things with them.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV5dDTAAoJEBzwKT+lPKRYRIUQAIuCucb4uj6o9uyr6CD/N+Yh
9NDAedOdxygaR14+uy8vHPB/V60O65bURSArFt65oNIB0U0YIA5A7/dpp+8NNWLE
O31mJu9GPLb5X1RdArRV8esiI23QRkZWNtEuNPn1pVcVwMMmfym+NzX1N1Ng9Sdu
Tkkom3GKf4MXujl4UqqiGEgy1nnSvmRUUoRAdGRsEWamz5GgfjFT6TIhmy+RBDxy
Doh4iRxDNO9g0yMHL/SWxOssEh+unJCcFKEJEo2nsRkh4MjsOkmVlyzWHiXkC/IZ
P+815UQjxgwPX+xQq2U3ptghj+SS3MJGKm2HuihF/ia+0xT7+0V0l1Oo8+H7y4Br
4Jf9FO9hfan9W0pnqi9U0tg3Ojthl8m1Q9nucU+v6CbGYUU5RExqaJBATU46wuda
PvDCP8MkVmYGGPNnUDDi9RIw9dggKC/FPm//iLLSBeHKZMfN1PXBViQOZVbj3X84
Dc1RU7c7F1OfuXCcAb2koQJjDGmgxr7KF8mPtNdzq+dSUeVDn1L2JZziXJ6MICVp
xrlslFSZ7iCUgpuc1+/FX99jG+CvxBj4v+LDgMlw1VEkqxeqg7V5HO5T4KhdHXZ2
IjjlUMsEUtsmIrF00EXyW/gXGyl15Nzn6ULEPFwnm4nUf0vEUVoWyjdBsXWaAo5O
N8okIJvNcDxwaQWBWm7w
=epgx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8 Session Timeout

2015-08-28 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Theo,

On 8/28/15 12:08 PM, theo.swe...@avios.com wrote:
 Hello - currently HTTP sessions are configured to timeout after 120
  seconds, in $CATALINA_BASE/conf/web.xml
 
 session-config session-timeout2/session-timeout 
 /session-config

I'd highly recommend that you move that configuration from
conf/web.xml to your own web application's web.xml.

 However this is not being honoured by the web services, where many
 session are lasting longer.
 
 From what I understand - the order for session timeouts is -
 
 HttpSession.setMaxInactiveInterval(int) 
 $WebApplication/webapp/WEB-INF/web.xml $TOMCAT_BASE/conf/web.xml
 
 Is there something that I'm missing?

That's pretty much it (except the path for the app's web.xml looks a
little odd).

Are the web services specifying their own session-timeout in the
application-specific web.xml?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV4KO3AAoJEBzwKT+lPKRYh8cQALjjzZ4glyywX4HrTpfAOtEJ
Ck1LC/S82MgNfCfS1dOx8fUpuER6ZSJ+fkALjAMjAr5MmQX+/Z2nODvj/XWDLkRj
6Hyp/F+rEnExt4bS6idWz32hPtzDqxA4Ffxy9oCROihXXdvA0qGn6xGfKwtUaBH2
rviw3au4uD2W3iPffszUj3VnGQnWhK3QFQpFCLkpVu1lF/EiqBCL3XHIY+6cDzBO
fpGWiFrk+9RSuP/uN3LEGzdZNvuHNiNu5OrlvBq9P8Q1zwya6fcuPGu0NvFD7ESl
o0pCmcie9NUFXN1R0/RtT8uw7ZVELWrPx5C6zLR1tbwodMnarlQMazAdQFDDtiVK
DLPjpKF0bPqAP3ORUzRAu3IfSaXhtgE77byAB8DLnPJjpKeyWEp4tCDP1CmI6NI1
5dVQmt5CJAo5pP5YAMM38GsJyY5NoQ2NI61tPJ/NFTJkV0pyCGlufiRMp6ySMvBP
zY8CjhNEjhfEV35RB1hYzawhZ3hgV3oq78HLGLZ15eaYiBTBHyHyKgdbitRfawIP
ICdvpuElYDPNKFI2SfSb3qQc64sm+kqN6B1DNWMALAWISNENB0ahu6D4a9UJTr0R
FgFRCdpkkV8/3FfpoSpu2kzzBubYMA7XpMyuk9HWlABJvT99AJCwPeA2C5falShv
j5HCHDLxsn1LzK8hl9mK
=3HRA
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8 Session Timeout

2015-08-28 Thread Mark Thomas
On 28/08/2015 12:08, theo.swe...@avios.com wrote:
 Hello - currently HTTP sessions are configured to timeout after 120 
 seconds, in $CATALINA_BASE/conf/web.xml
 
session-config
 session-timeout2/session-timeout
 /session-config
 
 However this is not being honoured by the web services, where many session 
 are lasting longer.
 
 From what I understand - the order for session timeouts is - 
 
 HttpSession.setMaxInactiveInterval(int) 
 $WebApplication/webapp/WEB-INF/web.xml 
 $TOMCAT_BASE/conf/web.xml
 
 Is there something that I'm missing?

Tomcat version?

The usual causes are:
 - something unexpected accessing the session
 - the background processing thread is crashed / busy doing something
   else

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org