tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: OOME issue in Tomcat 6.0.18(with SSL)
Date Thu, 13 Jun 2013 14:23:18 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chirag,

On 6/13/13 12:59 AM, Chirag Dewan wrote:
> A little more digging in and I found out that only with SSL,tomcat 
> is creating a large number of sessions. I can see in the logs for
> HTTP:
> 
> INFO: SessionListener:
> sessionDestroyed('2E8DE01EE3F0D166FEFC8A45353CD9ED')
> 
> Now,in case of HTTPS I see a large number of such logs. So I
> believe for HTTPS requests it is creating a session for every
> request as compared to HTTP?

That seems odd, as web applications usually create sessions regardless
of the use of HTTP versus HTTPS. I suppose it's your web application,
so it could be doing anything at all.

> This is my SSL setting in client:
> 
> public HttpTLSProtocolSocketFactory() { try { this.sslcontext =
> SSLContext.getInstance("TLS"); TrustManager[] arrayOfTrustManager =
> { new DummyX509TrustManager() }; this.sslcontext.init(null,
> arrayOfTrustManager, null); } catch (Exception localException) { 
> this.logger.log(Level.SEVERE, "Failed to created SSLContext: " +
> localException.getMessage()); } }
> 
> public Socket createSocket(String paramString, int paramInt1,
> InetAddress paramInetAddress, int paramInt2, HttpConnectionParams
> paramHttpConnectionParams) throws IOException,
> UnknownHostException, ConnectTimeoutException { if
> (paramHttpConnectionParams == null) throw new
> IllegalArgumentException("Parameters may not be null"); int i =
> paramHttpConnectionParams.getConnectionTimeout(); SSLSocketFactory
> localSSLSocketFactory = this.sslcontext.getSocketFactory(); if (i
> == 0) return localSSLSocketFactory.createSocket(paramString,
> paramInt1, paramInetAddress, paramInt2); Socket localSocket =
> localSSLSocketFactory.createSocket(); InetSocketAddress
> localInetSocketAddress1 = new InetSocketAddress(paramInetAddress,
> paramInt2); InetSocketAddress localInetSocketAddress2 = new
> InetSocketAddress(paramString, paramInt1); 
> localSocket.bind(localInetSocketAddress1); 
> localSocket.connect(localInetSocketAddress2, i); return
> localSocket; }
> 
> Can different sockets create different sessions?

This isn't an SSL session issue, it's an HttpSession issue. The client
is irrelevant, except that you are not handling the Set-Cookie
response header Tomcat is likely sending to you. If you sent that
Cookie back to the server, you would likely eliminate all those extra
sessions and instead only create one (HTTP) session per client thread.

> So for HTTP I am not creating any new sessions,same should be the 
> case for HTTPS. Right?

Only you know what your web application is doing.

> The only thing which differs in my is the SSLSocketFactory 
> Implementation, which creates sockets.

Look at your webapp's code, not the client code.

You might want to write an HttpSessionListener that fires whenever an
HttpSession is created. Do something like this:

  public void sessionCreated(HttpSessionEvent se)
  {
    new Throwable("Trace for session creation").printStackTrace();
  }

It looks like you already have an HttpSessionListener (that's where
the INFO message above comes from), so maybe you could just modify
that one.

This will dump stack traces to stdout and tell you exactly where the
sessions are being created. then you can probably figure out why they
are being created in the first place.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJRudXVAAoJEBzwKT+lPKRYdVEQAJB3Kl1Kp2X4tdvA6J336s+e
iJRQ8Wj0Ap7pB18FC/dFuriIydvp/sEV66SniLcrp7aHB2bwWDg2IrQJdkRODsvh
cARtVY7vDCZR6PffWSpAGOrwe9IbddnPnF1zN3gakPayYQKkA2MAkxgPX8NsVltj
iqHtU00QL5vdUg/PFrw/x26l5GvR8JU9+pgL1bMPi9UHXFTQ6rcQDRxlMdWes5g6
QLAGGuwcCWWYiv3bO1AJiaJB/37qfwQ+CL2FbPu28CeKWzi7MwmjNJuRG4fUaWfZ
Xj4wXAlXVhdcdRNYKNG+yVktwYooaNV0lDTJb4r78K3wukjLg1z9ndXE0t77wT6G
oYL5LWsnkPq34pUQupCJnl/N2anAjIb1pbCfZ+xLvotRv++s3uGpMtV8ozBeDkgy
WYL6hGyeRCewV9z4wA7nQHZ03JYP9vFE6qWzxjwgKT7KLCdbwDM5QOg5EXv+rxx6
VxQk9yZ55cMi+Pk+A3fahq+FanBu2nRqeOHKkmxmjKS1hJuOdSr9gE+VWDosF7zj
z8Dg8Uq8aqd//paR3T0zSoSHMpfWY+1/sojtgBThqQmdOVZli+AriVwnjCegzZQB
tS68ROi+wGtGuJHSuE0GQ3D7enSii6MxPGmuTsAGThLqQKdJlwyvRpUxNsdjiSLG
LvUGReWZ9EUTB5RuWIj3
=34Mn
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message