tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37356] - Tomcat does not invalidate sessions after session-timeout period has passed.
Date Fri, 10 Mar 2006 11:08:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37356>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37356





------- Additional Comments From remm@apache.org  2006-03-10 11:08 -------
(In reply to comment #19)
> I have the same problem, some sessions never expire (tomcat 5.5.12, jdk 1.5.0).
> It seems that the session accessCount is not correctly decremented.
> 
> In my application, a single web browser can send several asynchronous
> XmlHttpRequests at the same time, so there are concurrent accesses on the server
> sesssion.
> 
> I have a look at tomcat source code and it seems that the session validy
> management is not always 'synchronized', so I agree with the "race condition
> theory" ...
> 

It's possible but rare. -1 for adding syncs, though (feel free to use a patched
Tomcat), as accessCount is a gimmick to support stupid usage scenarios
(basically, people who were using really long running requests with really short
expiration times). Either a smarter way of implementing this could be used, or
the session could simply be expired if it becomes inactive for a really long
period (say, one hour, or 5 times the regular timeout, whichever is greater).


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message