tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luc Vanlerberghe <...@bvdep.com>
Subject Re: list of HttpSession objects
Date Wed, 31 Jan 2001 14:24:41 GMT
I'd have to check the servlet spec for the details, but I'm pretty sure
that servlets are not supposed to use the sessions, request and response
object after the request has been processed.
The servlet spec was designed to allow easy development of independent
web applications that can be run on any server that conforms to the
spec.
One of the 'features' of the spec is each webapp runs in its own context
shielded from other webapps that may be running on the same server, and
that sessions are maintained by the container in whatever way it sees
fit (as long as it conforms to the spec).  The Session, Request and
Response objects you see are objects that implement the required
interfaces but that says nothing about the way they are implemented.

Tomcat uses facade objects to shield the user objects from the actual
implementations to prevent users holding references to the
implementations and opening security holes.
E.g.: In tomcat, when a session times out, the implementing object is
not destroyed, but recycled to be reused when a new session is needed. 
If the user could still hold a reference, he would be able to see data
that is no longer his.

If the data you're trying to gather is limited to a single webapp, you
could take a look at the new Filter interface that is defined in the
proposed 2.3 servlet spec, or the events that can be sent when a new
session is started/stopped (HttpSessionActivationListener).  Tomcat 3.x
does not implement the 2.3 spec, but 4.x does.

If not, then what you are trying to write is something that is
inherently dependent on the way the servlet container implements these
objects, so I would suggest delving into the internals of tomcat and
writing a tomcat dependent RequestInterceptor (for 3.x) or Valve (for
4.x) for that functionality.

Luc Vanlerberghe

Ivo Limmen wrote:
> 
> Do you always get the nullpointerexception or is it only when the user
> closes the connection?
> I am working on a similar problem, I want to see how many sessions are
> active. I have tried to use a weak reference to each session object
> but it didn't work because all the sessions are reused by Tomcat, so
> they don't dissapear.
> 
> Ivo
> 
> -----Original Message-----
> From: TeamOn Crosswinds [mailto:murthy@crosswinds.net]
> Sent: woensdag 31 januari 2001 5:33
> To: tomcat-user@jakarta.apache.org
> Subject: list of HttpSession objects
> 
> Hi,
> 
> We are moving to Tomcat3.2.1 and noticed a problem.
> We monitor user-activity per web-server by keeping a list of
> HTTPSession
> objects; we query this list to see the sessions active (and thereby
> some ser
> information) at a given point.
> 
> With this version of tomcat, there seems to be this HTTPSessionfacade
> object
> that has a 'realsession' object. this realsession object gets nuked at
> the
> end of every request.
> 
> So, our list maintains a list of httpsessionfacade objects that do not
> have
> any realsession objects associated with them, so we get
> nullpointerexception
> when we try to read from these httpsession objects we maintain..
> 
> Is this a feature?
> Is there any other way our management console can keep track of
> httpsessions?
> 
> thanks,
> murthy
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org
> 
> Furore Informatica B.V.
> Rijswijkstraat 175-8
> Postbus 9204
> 1006 AE Amsterdam
> tel. (020) 346 71 71
> fax. (020) 346 71 77
> 
> ------------------------------------------------------------------
> The information transmitted is intended only for the person
> or entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in
> reliance upon, this information by persons or entities other
> than the intended recipient is prohibited. If you received
> this in error, please contact the sender and delete the material
> from any computer
> ------------------------------------------------------------------


Mime
View raw message