tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Phantom Sessions
Date Thu, 02 Sep 2010 22:07:25 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul,

On 9/2/2010 5:10 PM, Paul Szynol wrote:
> I don't have the minor version information, but it's Tomcat 6.  Each
> session object is added to a ConcurrentHashMap when SessionListener's
> sessionCreated() is invoked.

You likely have a default page (responds to requests for "/") that is a
JSP without a session="false" header. That means that the session is, by
default, created.

That means anyone visiting your website and then wandering away --
including robots, screen-scrapers, and search indexers -- gets a session
that sticks around for a long time and does nothing.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyAIB0ACgkQ9CaO5/Lv0PCJ7gCghs2t7oG73AT5AsOu9BmqhweT
DI0An3/aSTrqL+btt9fBHSOZnC2kfLsy
=1k2w
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message