autoknowledge
asked on
Session-Timeout , Tomcat - webapp
Hey all,
We're using tomcat 4.1.24. I've been trying for the past hour to change the session timeout of our app. The 30 minute default shouldn't be a problem, but we connected to our server then closed the IE to see if the sessions would be invalidated after 30 minutes. They were not, so i'm trying to figure out why.
First, does a session timing out mean that everything in that session scope will be invalidated or does it just mean the user has to create a new session.
I tried changing the timeout to 1 minute for testing purposes. Running the program in JProbe, i was opening a page and then closing IE. After waiting over a minute(when the session should have timed out) i started garbage collection and checked whether the classes in the session scope were collected, and they were not. So now i'm thinking that we're not setting the session timeout correctly, or maybe that session timeout doesn't mean the session will be invalidated.
This is the code that I added to our web.xml file:
<session-config>
<session-timeout>1</sessio
</session-config>
We have multiple web.xml files, but I believe the file we have to add the code to is in the WEB-INF directory, which is parallel with the app directory
basically our app is in tomcat/webapps/dir/app and our WEB-INF is in tomcat/webapps/dir/WEB-INF
I also tried to add it to ROOT/WEB-INF to no avail.
I've read other posts similar to this, but I haven't read anything about whether the session will be invalidated upon timeout.
Any help is definitely appreciated!
thank you much.
Nathan @ AutoKnowledge
ps. kinda urgent... but only because i'm almost out of hair :)
We're using tomcat 4.1.24. I've been trying for the past hour to change the session timeout of our app. The 30 minute default shouldn't be a problem, but we connected to our server then closed the IE to see if the sessions would be invalidated after 30 minutes. They were not, so i'm trying to figure out why.
First, does a session timing out mean that everything in that session scope will be invalidated or does it just mean the user has to create a new session.
I tried changing the timeout to 1 minute for testing purposes. Running the program in JProbe, i was opening a page and then closing IE. After waiting over a minute(when the session should have timed out) i started garbage collection and checked whether the classes in the session scope were collected, and they were not. So now i'm thinking that we're not setting the session timeout correctly, or maybe that session timeout doesn't mean the session will be invalidated.
This is the code that I added to our web.xml file:
<session-config>
<session-timeout>1</sessio
</session-config>
We have multiple web.xml files, but I believe the file we have to add the code to is in the WEB-INF directory, which is parallel with the app directory
basically our app is in tomcat/webapps/dir/app and our WEB-INF is in tomcat/webapps/dir/WEB-INF
I also tried to add it to ROOT/WEB-INF to no avail.
I've read other posts similar to this, but I haven't read anything about whether the session will be invalidated upon timeout.
Any help is definitely appreciated!
thank you much.
Nathan @ AutoKnowledge
ps. kinda urgent... but only because i'm almost out of hair :)
ASKER
Thanks for the response vzilka,
Our JSPs for the application are stored in tomcat/webapps/dir/app, and tomcat/webapps/dir contains the entire application. I tried placing the code in the web.xml file inside tomcat/webapps/dir/web-inf
vzilka, could you explain what you mean by:
"Theortically the session should be invalidated, but Tomcat may decide it has enough memory and won't run the thread that destroys the sessions."
Do you mean that tomcat may not run session.invalidate() when the session times out?
-or-
Do you mean that session.invalidate() will be run, but the garbage collection may not collect the un-referenced memory right away?
Also, does session.invalidate() just de-reference all of the objects associated with that session?
As long as the memory is unreferenced, I think that I can put a little trust in the garbage collector to someday pick up the trash when the app needs the extra memory.
If tomcat just doesn't invalidate the session at all if it doesn't have to, then is there a way to find out which session has timed out and then manually invalidate it?
Thanks for any help you guys/gals can give.
Nathan @ AK
Our JSPs for the application are stored in tomcat/webapps/dir/app, and tomcat/webapps/dir contains the entire application. I tried placing the code in the web.xml file inside tomcat/webapps/dir/web-inf
vzilka, could you explain what you mean by:
"Theortically the session should be invalidated, but Tomcat may decide it has enough memory and won't run the thread that destroys the sessions."
Do you mean that tomcat may not run session.invalidate() when the session times out?
-or-
Do you mean that session.invalidate() will be run, but the garbage collection may not collect the un-referenced memory right away?
Also, does session.invalidate() just de-reference all of the objects associated with that session?
As long as the memory is unreferenced, I think that I can put a little trust in the garbage collector to someday pick up the trash when the app needs the extra memory.
If tomcat just doesn't invalidate the session at all if it doesn't have to, then is there a way to find out which session has timed out and then manually invalidate it?
Thanks for any help you guys/gals can give.
Nathan @ AK
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wow, i wasn't expecting the delay between the specified and the actual timeout to be so large. Even after waiting an extended period of time, our sessions still don't show any signs of timeout. I guess adding the code from the link you posted might be useful in waiting for the timeout to occur, since it will tell me right when it does. However, if i never get this msg, then i will have to assume that the timeout isn't setup correctly and try something else. Unless of course it's memory dependant and won't run until the server is almost out of memory, which would be a tedious task to test.
I have the code:
<session-config>
<session-timeout>30</sessi
</session-config>
in the web.xml files in our C:\jakarta-tomcat-4.1.24\c
If i set this code to 1 minute, i should hope that the timeouts occur sooner that 30 minutes.
If I never get a msg stating that the session timed-out, then i guess that I should try session.setMaxInactiveInte
If you can think of anything else that would make this task easier, just let me know. Thanks again for your help.
Nathan
I have the code:
<session-config>
<session-timeout>30</sessi
</session-config>
in the web.xml files in our C:\jakarta-tomcat-4.1.24\c
If i set this code to 1 minute, i should hope that the timeouts occur sooner that 30 minutes.
If I never get a msg stating that the session timed-out, then i guess that I should try session.setMaxInactiveInte
If you can think of anything else that would make this task easier, just let me know. Thanks again for your help.
Nathan
ASKER
Ok, i think the session.setMaxInactiveInte
Nathan
Nathan
I think your web.xml file should be in TOMCAT/WEBAPPS/DIR/WEB-INF
or, if you do not use the auto deploy features of TOMCAT but wrote a context in the server.xml file, TOMCAT/WEBAPPS/DIR/APP/WEB
Theortically the session should be invalidated, but Tomcat may decide it has enough memory and won't run the thread that destroys the sessions.