tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kouba <>
Subject CrawlerSessionManagerValve - problem with removing sessionInfo
Date Mon, 27 Jun 2011 13:19:14 GMT
Recently I've been using adapted code of CrawlerSessionManagerValve from 
Tomcat 7 on Tomcat 6 (JBossWeb 2.1.4 respectively). It works well. 
However I observed a lot of HTTP sessions that were created even if 
CrawlerSessionManagerValve logged sucessfull bot detection. Finally I 
found that problem is in the way CrawlerSessionManagerValve removes 
expired session infos. See

The problem occurs in case of bot makes pause between requests that 
lasts at least "sessionInactiveInterval" and is not shorter than 
"sessionInactiveInterval" + 60 seconds. In this situation the real HTTP 
session is already destroyed but corresponding SessionInfo still exists. 
CrawlerSessionManagerValve detects bot and finds SessionInfo. New HTTP 
session is created but CrawlerSessionManagerValve just changes 
sessionInfo lastAccessed property (because sessionInfo != null).

The problem code is in method backgroundProcess() where expireTime is 
resolved: (sessionInactiveInterval + 60) * 1000. It's possible that 
those +60 seconds have some meaning nevertheless they may cause creation 
of hundreds of useless HTTP sessions. My opinion is that 
backgroundProcess() is not the right way to remove expired session 
infos. I guess that more suitable solution is to make 
CrawlerSessionManagerValve implementor of 
org.apache.catalina.SessionListener and remove expired session info on 
SESSION_DESTROYED_EVENT. I tried to modify the code and it seems that 
CrawlerSessionManagerValve works now even better.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message