• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Junilu Lacar
  • Liutauras Vilda
Sheriffs:
  • Paul Clapham
  • Jeanne Boyarsky
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Piet Souris
  • Carey Brown
Bartenders:
  • Jesse Duncan
  • Frits Walraven
  • Mikalai Zaikin

Tomcat Inactive Session Management

 
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

We are facing Performance issues with the Tomcat server.
I have one question about Tomcat Sessions. When the user logs in, a session will be created by the Tomcat. The session will be invalidated once the user clicks on log out link.
If the user is idle for some period of time and the session time out limit exceeds, then, if the user does some operation on the same session. then, the session will be expired.

My question:
What will happen, if the user closes the browser window without log out? What will happen to the session? Would it be cleaned up by GC after some time or would it be accumulated on the heap in inactive mode. I suspect, this is the issue with our production system. Please can somebody explain this scenario and possible fix for this?
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
1. Sessions are managed by the container and expire after a time which can be configured in the default web.xml


Or on an individual basis - see the HttpSession javadocs.

In any case a container is allowed to serialize out sessions to disk if memory gets tight.

What are you actually observing on your production system?

Are you using the Management App to watch memory use?

Bill
 
krishna bulusu
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you William for your reply. I will give more details now.

What we are doing is: When ever any user logs in, we are storing his session details on DB. If he click on log out link, then, we are calling session.invalidate method which triggers User Counter Listener to call, where we are deleting the session from DB.
My assumption is, when ever the Tomcat server calls invalidate method on any session, the user counter listener class will be invoked as it implements HttpSessionAttributeListener interface. in Attribute removed method, we are deleting the Session information from DB.

Now, What I observed is, if the user closes the window without log out, the session information is present on the DB though the time out period expires!! Can I assume from this that the session is already existed on memory?
Please note, we have configured the session time out period on web.xml file.


 
Saloon Keeper
Posts: 25647
183
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HTTP is not like client/server. In a client/server app, you open a network connection, do your work, and then disconnect/terminate.

In HTTP, each time you send a URL, it opens a network connection, sends data, listens for a reply, and then closes the connection. It doesn't keep any connections open for the life of the application, only the life of a request/response cycle.

That's one of the reasons for HttpSession. Since each request is effectively unrelated to any other request, the HttpSession stores context that requests can reference in order to give the illusion that you're running a continuous session. However, it's only an illusion. If you navigate off a page or exit your browser, the only way the server will know that you've effectively logged out is that you don't send any more requests. After a certain length of time, the server will eventually destroy the session objects in order to free up resources. Closing a browser window doesn't send any requests to any of the servers that the browser may have recently communicated with, nor does shutting down the browser.

The HttpSession will exist on the server until it's either explicitly invalidated or until the session timeout has been reached. At that time, if there are any session listeners installed, they will be notified of the session destruction event. Whether the HttpSession exists in memory or somewhere else will depend on what server software you're running and how it was configured.
 
krishna bulusu
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tim,

Thanks for your reply.

I understand what you said. Just tell me what will happen in the below case:
A session object has been created on the memory. User closes the window without performing the log out action. So, there will not be any communication from client(Browser) to this session object.

Would there be any thread running on Tomcat server which checks every session object and cleans it if the session time out period for a particular session object exceeds (or) The session object waits till some communication happens to it indefinitely (May be till next server restart in which case all objects on the memory will be deleted)
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, Tomcat will have a Thread checking sessions for timeout - thats the whole idea, the container manages sessions.

I am curious as to why you are getting involved with DB storage of session data? Seems to me you should use either the built in session management OR a DB - what is the thinking behind using both? Seems to me that is leading to a tangle of responsibilities.

Also - why HttpSessionAttributeListener when what you want is a sessionDestroyed event as per HttpSessionListener - destroying the session does not have to activate any of the attribute listener events - that would depend on the implementation.

Bill

 
krishna bulusu
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Bill,

Thanks for your reply. I must admit that tomcat do destroy the inactive sessions after expiration. What I have done is, implemented Session Listener interface and in session destroyed method, I placed a log statement. After some period of time, I found a log statement saying session was destroyed. Thanks for your help on this.

Thanks,
Bala.
reply
    Bookmark Topic Watch Topic
  • New Topic