tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: ssl.SessionId Cache keeps growing
Date Mon, 21 Jan 2008 21:50:54 GMT
> From: Yuval Perlov [mailto:yuval@r-u-on.com] 
> Subject: ssl.SessionId Cache keeps growing
> 
> 1. Any one has ever met this problem?

I haven't, but it's definitely an interesting one.

> 2. Is there anyway to access the ssl.SessionId object and invalidate  
> it during the HttpServletRequest life cycle?

Couldn't find any such mechanism in the Tomcat code, but I didn't do an
exhaustive search.

> 3. Anyway to limit or even disable SSL SessionId for a particular  
> connector (or, as a last resort to all connectors).

There is such a mechanism in JSSE, but Tomcat doesn't appear to use it.
The class (interface) of interest is javax.net.ssl.SSLSessionContext,
and the relevant methods are setSessionCacheSize() and
setSessionTimeout().  Tomcat does not seem to have any references to
SSLSessionContext, although the pertinent object could be retrieved via
the getServerSessionContext() of javax.net.ssl.SSLContext, which Tomcat
does use.  (But don't confuse this SSLContext with the two others from
different packages.)

> 4. Does anyone know of a mechanism to flush all SoftReference or  
> limit their number?

Try an allocation of a gigantic array to force SoftReferences to be
discarded, then clear the reference to the array, and force another GC.
Ugly, and it probably has really nasty side effects.

> 5. Can you think of any other way to tackle this?

Submit an enhancement request, preferably with a patch for new
attributes on the <Contector> elements to control the behavior.

> 6. What were the guys in Sun thinking???

Looks like Sun provided the necessary hooks, but the defaults (infinite)
are a mite questionable.  I was hoping for a system property or two that
might be used to specify the values, but couldn't find any (which
doesn't necessarily mean they're not there).

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message