tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cos...@eng.sun.com
Subject Re: [Catalina] Discussion -- Advanced Session Management Features
Date Tue, 01 Feb 2000 19:16:42 GMT
> > Question: do you have sync or background write ? That mean, if
> > shopingChart.deleteItem() is called, does it wait for the write to happen
> > or the write will happen in background?
> >
> > First choice is wrong - every time you change a session object you'll have
> > to do a write on disk. It is also wrong because you have no way to guess
> > if the object was changed or not. And you might have many "cache" or
> > "pool" objects in the session - you don't want to have all objects saved
> > ( but how can you specify which are important ?)
> >
> > Second choice is worse - if the write is in background, the servlet will
> > think it changed the object, will return the page confirming that, and the
> > user will click "buy". Now the server crashes, the new request is
> > redirected to the "fail-recovery" server - with no idea that the user
> > just removed 1/2 of the items.
> 
> Both will work, but I agree that writing every time the object changes is a
> wast of resource... however, your granularity then becomes *very* important.
> Also, there is no reason that a session couldn't flag that it had changed...
> If your working this way, a combination would be best I think.

How? The API has no way to "flag" what changed.
You call getAttribute("shopingC"), you get a ShopingC object. 
You call setXXX method. Then what? How will tomcat know that the 
object is "dirty" ? 

I have some OO database experience, it's one of the most complex things
even if you have a full API to play with ( and all you have is  
get/setAttribute() ) ! 

Sorry, I don't understand how  you think this will work...


> No matter what you do, I believe that managing the "fail-over" in the server
> will still be the most efficient way to do it (as opposed to using an
> outside system).

But how ????

That's the problem, fail-over is very complex and can't be solved with
just get/setAttribute() and serializable objects.

You can have partial fail-over ( if a server fail _some_ objects _might_
be available on the fail-over server ), but you can't have a guarantee
that all are. 
It's imposible even with real databases - a Transaction can
fail and be rolled back, you should have code to deal with that - your
software will have no way to know the setAttribute() wasn't replicated. 



> For me, the issue is not so much fail-over but session sharing between
> distinct servers. However, fail-over is *almost* automatically taken care
> of, if you do have more than one server, and all the servers in the pool are
> "equal". Now, that doesn't mean that I would advertise Tomcat as
> "fail-safe", but giving it the ability to run well, and do it with minimal
> configuration is very important, and will win converts.

Ok, sharing what? How can a user specify that an object shouldn't be
shared between servers? ( like a big GIF that is cached for speed - one of
the biggest use for Session is to keep pools or cached objects, to avoid
reading them from file system/network). 

BTW, the API have no way to specify "this object is a cache object, don't
share it". 

It nice to win converts, but it's important how - not by letting them
think that we support "fail-safe" when we don't, or that it is possible to
do that when it isn't ( AFAIK ).  


> I think that Tomcat should be as clean and foolproof as possible, if an
> administrator then wants to implement their own (real?) system, there is
> nothing stopping that from happening.

The problem is that there is no _real_ solution ! You get partial
fail-over, and IMHO it's worse than no fail-over at all, because you'll
never know if you have a full recovery and all your session objects are
preserved or not. 

Costin 


Mime
View raw message