Random session cancellation

Question

Random session cancellation

I am running a J2EE web application on Tomcat, and recently I was tasked with adding metrics to the application. I use SessionListener to determine when a session is destroyed, and then load the metrics into the database. My session timeout is set in my web.xml for up to 30 minutes, and I do not programmatically invalidate the session. Often within 1 5-10 minutes, when I sign up for testing, I will see 3 or 4 sets of indicators loaded into the database, all with different session identifiers.

Besides web.xml and session.invalidate (), what else could lead to the destruction of the session in Tomcat? Exceptions? Will Tomcat ever randomly terminate sessions?

+5

java java-ee tomcat session session-timeout

jconlin Apr 20 '09 at 20:57

source share

2 answers

, , , , , " " 30 . Tomcat - , 5.5 - " " , .

0

Eddie 20 . '09 21:05

beetstra · Accepted Answer · 2009-04-20T21:50:51+0000

Perhaps your web browser has decided not to send session cookies on request to a web application where your application would expect this. I saw how this happened with the apache rewrite rule; A URL outside the cookie session path has been redirected to the web application. There is something like what happened (details may be wrong):

my web application was located in / app /
thus, the session cookie was associated with this path / app /
web application page related to /img/magic.jpeg
The browser did not send a session cookie in its request for this image (the path did not match)
did the server redirect the request (internally) to / app / createImage? magic
the web application did not receive a session cookie, so it created a new session

, , URL .

Random session cancellation

More articles: