tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kouba <martin.ko...@symbiont-it.cz>
Subject Re: CrawlerSessionManagerValve - problem with removing sessionInfo
Date Mon, 27 Jun 2011 20:42:50 GMT
You may inspire yourself with code from my blog post - 
http://www.symbiont-it.cz/crawlersessionmanagervalve-a-tomcat6, lines 86 
to 134 (text is unfortunately in czech :-).

Cheers,
Martin

Dne 27.6.2011 15:29, Mark Thomas napsal(a):
> On 27/06/2011 14:19, Martin Kouba wrote:
>> Recently I've been using adapted code of CrawlerSessionManagerValve from
>> Tomcat 7 on Tomcat 6 (JBossWeb 2.1.4 respectively). It works well.
>> However I observed a lot of HTTP sessions that were created even if
>> CrawlerSessionManagerValve logged sucessfull bot detection. Finally I
>> found that problem is in the way CrawlerSessionManagerValve removes
>> expired session infos. See
>> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.14/org/apache/catalina/valves/CrawlerSessionManagerValve.java#CrawlerSessionManagerValve.backgroundProcess%28%29.
>>
>>
>> The problem occurs in case of bot makes pause between requests that
>> lasts at least "sessionInactiveInterval" and is not shorter than
>> "sessionInactiveInterval" + 60 seconds. In this situation the real HTTP
>> session is already destroyed but corresponding SessionInfo still exists.
>> CrawlerSessionManagerValve detects bot and finds SessionInfo. New HTTP
>> session is created but CrawlerSessionManagerValve just changes
>> sessionInfo lastAccessed property (because sessionInfo != null).
>>
>> The problem code is in method backgroundProcess() where expireTime is
>> resolved: (sessionInactiveInterval + 60) * 1000. It's possible that
>> those +60 seconds have some meaning nevertheless they may cause creation
>> of hundreds of useless HTTP sessions. My opinion is that
>> backgroundProcess() is not the right way to remove expired session
>> infos. I guess that more suitable solution is to make
>> CrawlerSessionManagerValve implementor of
>> org.apache.catalina.SessionListener and remove expired session info on
>> SESSION_DESTROYED_EVENT. I tried to modify the code and it seems that
>> CrawlerSessionManagerValve works now even better.
> I had seen something similar in the ASF Jirs instance and hadn't found
> the time to get to the bottom of it. Your analysis looks good. I'll
> update the Valve accordingly for the next 7.0.x release.
>
> Cheers,
>
> Mark
>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message