tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat 6.0.26 on Windows server - sessions are not expired
Date Mon, 03 Feb 2014 18:51:59 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel,

On 2/3/14, 7:10 AM, Daniel Mikusa wrote:
> On Feb 3, 2014, at 3:30 AM, Maor Yosef <maoryosef@gmail.com>
> wrote:
> 
>> Hi.
>> 
>> 1. We are aware that 6.0.26 is old, but since there is a large
>> operational impact, we wont upgrade the tomcat until we will know
>> its definetly an issue in this specific version
> 
> While I understand what you’re saying, I disagree.  If you need to
> sell the change to management, you should take a look at the
> security problems that have been fixed since 6.0.26 and weigh the
> cost of upgrading versus a security breach or manually applying
> mitigations, if that’s even possible.
> 
> http://tomcat.apache.org/security-6.html

+1

>> 2. You are right, it was my mistake, it causes OOM and not stack
>> overflow, when we see high sessions count we get exceptions
>> saying "unable to create new native thread”
> 
> This is telling you that there’s not enough memory to allocate any 
> more threads.
> 
> 1.) Have you tried setting “-Xss”?  This will set the thread stack 
> size, i.e. how much memory each thread has available for its
> stack. Often times you don’t need nearly as much as the default
> allocated by the JVM, so you can lower it and get more threads out
> of the same available memory.  Maybe try 256k or even lower.
> You’ll know you went too low if you see StackOverflowErrors.
> 
> 2.) How many threads are being created / used?  Perhaps you’re 
> creating too many threads?  You’ll probably want to do some 
> monitoring and see how many the Tomcat is creating / using and how 
> many your application is creating / using.  Perhaps you’ve got a 
> problem where too many threads are being created or where threads
> are being created and not properly cleaned up.  Tools that could
> help here:  jconsole / jvisualvm or thread dumps

I'd be interested in knowing why threads are being created at all.
Thread dumps will reveal a lot of good information.

>> 3. Looking at the sessions manager, we see a lot of sessions with
>> a negative TTL - meaning they werent expired, if I manually
>> expire them then the sessions count decreases.
> 
> This doesn’t sound related, although it’s hard to say. Might be 
> helpful if you can include your configuration, minus comments.
> 
>> 4. Can you point me to an article on how to configure different
>> background thread for each container? is it configured in tomcat
>> or should be implemented in the application?

If your background thread is becoming stuck, you should fix *that*
instead of trying to work-around it.

Thread dump(s)?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS7+VNAAoJEBzwKT+lPKRYcjkP/2A0gQ3HnJNOA2724kxHiYO/
q4ZLnqJUAnepPttDYu4eL8/sehnmLm1kNQ0q/vby+5LLXLeU3QldmJsZSHwDft7M
+sph2hXy0Ed6a/3sS4nYEHLWYcIs9rEi13EkMTgvewE7jEp4QldTisfHi4I3XgDq
ZlraHHQjvPgbYFwzQxmwg2F7+ag69GqR52q9zECC97tXctTPQHxd8hJ40298y40w
2HIyDV6l9EuPVkan1/g7xuWxRbWoAiwhawkiGA606r1IhtO7cB7C6ulAyDyoLKqj
NEe1EHfVeDvmiavw7evIcknTVyK1hcuQC0NPV5bSMEQnQf6ZTWw67FQfosQUmqA2
L+kYtPKDzsnF9slUfgI7YokEjzApZx/dElsZUdgatIvb5yz8IFCXKaiFxkcHGffx
TzHMe6EAiDZglM5fMQIPmvuS5p5/iaJ5mMTZzamcOZ2VOD1/RDtqQm5MLljd4M/0
cVpGb/xEEZLGoj8mnXTfQq+NFYbjkCA3PcglvoBi4VtgOS7pBykccEFEv+1HavHC
h4ROzGJ8u7uHhGbUx2WbxHfkTtk6HGLon1bIyQkP1vraAdsOClAfiEto/C+bv9jw
y5iLOfEEHlZTPCTv6lbDtYmTBaOO1r/3LQ12kc3eZfzjQaOuGUo7jwYc4A0yTDDJ
8V4q1aiF7dn26chh/BsS
=R+5r
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message