tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: HttpSessionListener: Negative session count
Date Tue, 12 Aug 2003 14:14:56 GMT

The simple check you had before (if session count < 1 don't decrement)
is not a bad idea.  You might want to log the sessionDestroyed event
just to be safe.

In the 2.4 servlet spec, you will have other options (notifications)
that apply to this scenario I think.

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Christian Hauser []
>Sent: Tuesday, August 12, 2003 10:14 AM
>To: Tomcat Users List
>Subject: Re: HttpSessionListener: Negative session count
>Hi Yoav
>That could be the problem as well. So if the server is restarted my
>session counter variable is set to 0, but there might still be 30
>I didn't think of that problem, because I thought that the sessions
>would be invalidated when the server is restarted.
>Has anyone a good solution to this problem? Or should I just prevent
>session counter variable from becoming negative and after a while
>(session timeout for all remaining sessions) the counter will be
>correctly again?
>   Christian
>Shapira, Yoav wrote:
>> Howdy,
>> I would mention one other possibility, unrelated to synchronization,
>> which may cause this behavior.
>> If your session listener simply increments a counter on every
>> sessionCreated() and decrements the counter on every
>> it is vulnerable to this behavior.
>> When the server is restarted, if there are active sessions they are
>> persisted by default.  Then the server comes back up, and all these
>> sessions are active, without a session created event, so your
>> has a counter value of 0, but there are actually >0 active sessions.
>> When these are destroyed as usual, sessionDestroyed() will be called
>> them, decrementing your counter and resulting in a negative value.
>> Yoav Shapira
>> Millennium ChemInformatics
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

View raw message