Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 39941 invoked from network); 9 Sep 2008 22:10:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 9 Sep 2008 22:10:09 -0000 Received: (qmail 21563 invoked by uid 500); 9 Sep 2008 22:10:00 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 21539 invoked by uid 500); 9 Sep 2008 22:09:59 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Received: (qmail 21525 invoked by uid 99); 9 Sep 2008 22:09:59 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Sep 2008 15:09:59 -0700 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=DNS_FROM_OPENWHOIS,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Sep 2008 22:09:00 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1KdBOt-0004o9-2s for user@geronimo.apache.org; Tue, 09 Sep 2008 15:09:31 -0700 Message-ID: <19402329.post@talk.nabble.com> Date: Tue, 9 Sep 2008 15:09:31 -0700 (PDT) From: Radim Kolar To: user@geronimo.apache.org Subject: Swap Sessions to disk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: hsn@sendmail.cz X-Virus-Checked: Checked by ClamAV on apache.org I have problem with session management. Currently G stores all sessions in memory, so after memory is exhausted, G crashes. Its very easy to DOS Geronimo server that way (just run ab benchmark tool from apache) and it takes just a few minutes. Also lot of bots don't bother with sending session cookie back - they are eating valuable server memory if session handling is enabled for JSP page. I propose to change tomcat session manager to manager with swap to disk feaure. its called org.apache.catalina.session.PersistentManager and it should be used by default and configured via portlet. Other applications servers, like WAS, can limit number of open sessions and thus increasing reliability. https://issues.apache.org/jira/browse/GERONIMO-3838 -- View this message in context: http://www.nabble.com/Swap-Sessions-to-disk-tp19402329s134p19402329.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.