On Sep 9, 2008, at 6:09 PM, Radim Kolar wrote:


I have problem with session management. Currently G stores all sessions in
memory, so after memory is exhausted, G crashes.

Its very easy to DOS Geronimo server that way (just run ab benchmark tool
from apache) and it takes just a few minutes. Also lot of bots don't bother
with sending session cookie back - they are eating valuable server memory if
session handling is enabled for JSP page.

I propose to change tomcat session manager to manager with swap to disk
feaure. its called org.apache.catalina.session.PersistentManager and it
should be used by default and configured via portlet. Other applications
servers, like WAS, can limit number of open sessions and thus increasing
reliability.

https://issues.apache.org/jira/browse/GERONIMO-3838

https://issues.apache.org/jira/browse/GERONIMO-3376 was intended to enable this support. A problem was fixed in 3376. However, I'm pretty sure the full function was not properly tested. Working properly, this would give you the ability to configure the maxActiveSessions for a StandardManager or configure a StandardManager.

Agreed that it would be nice to be able to configure these features via the Admin Console. I'm not sure that PersistentManager should be the default, however. I'd be happy to start with just being able to configure this, period.

Are you offering to help implement this? Your contributions would be most welcome!

--kevan