tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat 6.0.26 on Windows server - sessions are not expired
Date Mon, 03 Feb 2014 18:51:59 GMT
Hash: SHA256


On 2/3/14, 7:10 AM, Daniel Mikusa wrote:
> On Feb 3, 2014, at 3:30 AM, Maor Yosef <>
> wrote:
>> Hi.
>> 1. We are aware that 6.0.26 is old, but since there is a large
>> operational impact, we wont upgrade the tomcat until we will know
>> its definetly an issue in this specific version
> While I understand what you’re saying, I disagree.  If you need to
> sell the change to management, you should take a look at the
> security problems that have been fixed since 6.0.26 and weigh the
> cost of upgrading versus a security breach or manually applying
> mitigations, if that’s even possible.


>> 2. You are right, it was my mistake, it causes OOM and not stack
>> overflow, when we see high sessions count we get exceptions
>> saying "unable to create new native thread”
> This is telling you that there’s not enough memory to allocate any 
> more threads.
> 1.) Have you tried setting “-Xss”?  This will set the thread stack 
> size, i.e. how much memory each thread has available for its
> stack. Often times you don’t need nearly as much as the default
> allocated by the JVM, so you can lower it and get more threads out
> of the same available memory.  Maybe try 256k or even lower.
> You’ll know you went too low if you see StackOverflowErrors.
> 2.) How many threads are being created / used?  Perhaps you’re 
> creating too many threads?  You’ll probably want to do some 
> monitoring and see how many the Tomcat is creating / using and how 
> many your application is creating / using.  Perhaps you’ve got a 
> problem where too many threads are being created or where threads
> are being created and not properly cleaned up.  Tools that could
> help here:  jconsole / jvisualvm or thread dumps

I'd be interested in knowing why threads are being created at all.
Thread dumps will reveal a lot of good information.

>> 3. Looking at the sessions manager, we see a lot of sessions with
>> a negative TTL - meaning they werent expired, if I manually
>> expire them then the sessions count decreases.
> This doesn’t sound related, although it’s hard to say. Might be 
> helpful if you can include your configuration, minus comments.
>> 4. Can you point me to an article on how to configure different
>> background thread for each container? is it configured in tomcat
>> or should be implemented in the application?

If your background thread is becoming stuck, you should fix *that*
instead of trying to work-around it.

Thread dump(s)?

- -chris
Version: GnuPG v1
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message