On Sep 9, 2008, at 6:09 PM, Radim Kolar wrote:
I have problem with session management. Currently G stores all
sessions in
memory, so after memory is exhausted, G crashes.
Its very easy to DOS Geronimo server that way (just run ab benchmark
tool
from apache) and it takes just a few minutes. Also lot of bots don't
bother
with sending session cookie back - they are eating valuable server
memory if
session handling is enabled for JSP page.
I propose to change tomcat session manager to manager with swap to
disk
feaure. its called org.apache.catalina.session.PersistentManager and
it
should be used by default and configured via portlet. Other
applications
servers, like WAS, can limit number of open sessions and thus
increasing
reliability.
https://issues.apache.org/jira/browse/GERONIMO-3838
https://issues.apache.org/jira/browse/GERONIMO-3376 was intended to
enable this support. A problem was fixed in 3376. However, I'm pretty
sure the full function was not properly tested. Working properly, this
would give you the ability to configure the maxActiveSessions for a
StandardManager or configure a StandardManager.
Agreed that it would be nice to be able to configure these features
via the Admin Console. I'm not sure that PersistentManager should be
the default, however. I'd be happy to start with just being able to
configure this, period.
Are you offering to help implement this? Your contributions would be
most welcome!
--kevan
