tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12069] - Creation of more HttpSession objects for one previously timed out session
Date Mon, 15 Mar 2004 15:36:33 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=12069>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=12069

Creation of more HttpSession objects for one previously timed out session





------- Additional Comments From vminarik@ips-ag.cz  2004-03-15 15:36 -------
Although you state that RFC 2109 doesn't discuss concurrent requests, browsers 
like MSIE 6 use them, so I think server should somehow treat this situation.

I don't think that mantaining a list of old and new sessions would have any 
significant negative impact on performance since it is needed to check this 
list ONLY when the server gets an old session ID and cannot find existing 
session object for it. Then, prior to creating a new session object, it should 
check the list of "old-to-new session IDs mapping" whether there has not been 
already created a new session for the old session ID.
I agree that it could be tricky to implement the list, e.g. to retain small 
size of the list. Server must remove obsolete mappings when they aren't needed 
anymore (to prevent inappropriate memory consumption).

Why I think tomcat should treat concurrent requests?
Well, the example for which I submitted the download link, is little bit 
uncommon.
But still I think changing the architecture of the web app you are suggesting 
isn't right solution of the problem. Consider the following (very usual?) 
situation:
One frameset with two or more JSP frames. Since the frameset's content isn't 
changing, it is normal to set some longer expiration time to it, isn't it? Now 
consider that the session is lost on the server (session timeout) and user 
wants to refresh the page. He isn't interested in the fact he refreshes a 
frameset, not a page. But what will do the browser? First it checks the 
expiration time of the top level page (==frameset). Because it is still valid 
(not expired), it uses concurrent connections to get the content of the frames. 
And now two or more sessions are created and later some data stored in session 
attributes are lost...

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message