You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by sr...@gmail.com on 2015/01/17 18:45:19 UTC
Where are my non-persistent sessions stored ?
I am new to Tomcat and interested in learning how to works internally. I was reading the following thread on JavaRanch but it did not give a concrete answer-:
http://www.coderanch.com/t/467039/Tomcat/sessions-stored
Does the container use an Array-List or a HashMap to store the HTTPSessions ? What is the limit of the maximum sessions ? Are the sessions stored in RAM ?
I am aware that persistent sessions will need a data-store/database to the sessions. But how does it handle the non persistent ones ?
I have also consulted-: http://tomcat.apache.org/tomcat-8.0-doc/config/manager.html
But this too failed to give the location of non-persistent sessions.
Anyone who does Tomcat development and meddles around with the source, there feedback will be highly appreciated.
Regards
Sreyan Chakravarty
Re: Where are my non-persistent sessions stored ?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
David,
On 4/24/15 9:29 AM, David kerber wrote:
> On 4/24/2015 9:21 AM, Christopher Schultz wrote: Sreyan,
>
> On 4/23/15 9:24 AM, Sreyan Chakravarty wrote:
>>>> I beg to differ but every time a new request is sent to the
>>>> server, Tomcat creates a new session for it. So yes Tomcat
>>>> creates a session even if the application does not ask for
>>>> it.
>
> This is not true.
>
> If you can demonstrate that Tomcat is creating sessions that should
> be created, please provide a small example that does so.
>
>> Did you mean "... sessions that should NOT be created..."?
Er... absolutely! Thanks.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVOkuIAAoJEBzwKT+lPKRYDz4P/R4fUQwVT2OFSgD88IdIcifC
kDveNqhfYt4aEDMsLs7ooOvVnQssTAHh6BUJddlX66te8C0CL+ZbNOUpobV0lyKf
gszuI6v5+IB0APCPSvUqTu2t+BE04oB/rC0gbVfH0Ph6T+KGD40gysmdsRXnCLQn
nzebCrl6T8jfCriuqKUnZRq7jzv7vJDA50/Jt/ga16/N/r0SpsrlpNpSahSM74Ij
qHsWwYsk8YM2AbZGaOim8NzysG/HAd4suR8X/u7xrcK5N7wDeN+1XFxZRZKpco65
BmGA8OyPJXGwfMV45dTRq6DiJLe1Hzq1k9vT3YTDIkRqtevs96ghqHhvsvTvLIkj
ebfHunQ4fPs1ZHVdHBIcZ7oRFErJ770Rbqc1dEwb5XjDlXmrZ+bEh8qZbavB4xVi
l5T82UiVQ9GvObU3GbwDN1HXMexeBzj+3ioF3lCc+KYmtpZt/MB8BenkYQXNOm1C
p4RqYXip4Bom1sUaQ82zTaSDldBNivofSdQ3AHoh4uWAf7dan7njrQU9KldL0Ilu
a43bUJxyZufbDUFpnY5Ox4WiOJQNq3lAdWbPUySzxyWVa5SdDcjKUxEjNHeXH002
Dssc7wi/A6MfQyxfzxhSFiyTKQ8YD/qqhly7L4jl6YvAoiPlCroCQSfZwyES0JFr
nZTNie6fIQreL2Ig8UKx
=PXhp
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Where are my non-persistent sessions stored ?
Posted by David kerber <dc...@verizon.net>.
On 4/24/2015 9:21 AM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Sreyan,
>
> On 4/23/15 9:24 AM, Sreyan Chakravarty wrote:
>> I beg to differ but every time a new request is sent to the server,
>> Tomcat creates a new session for it. So yes Tomcat creates a
>> session even if the application does not ask for it.
>
> This is not true.
>
> If you can demonstrate that Tomcat is creating sessions that should be
> created, please provide a small example that does so.
Did you mean "... sessions that should NOT be created..."?
>
>> Every unique session generates an unique session id on the server.
>
> I should hope so.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJVOkNzAAoJEBzwKT+lPKRYxqYQALqzGKeZF/9IXzpuBd91h9oi
> fdNBncyrRuMUvN85hzTUl+ry9vevzN4nHZEzN2+oQUzO/+O7gFiET+dQYxR69bl5
> A/eL/6pZiXoZQlpuRapVuRQmhphf/7tgQdLolhAXxt8GSeKuYd9fRBK4+cD4o9vZ
> udGhhbJzkZ8nKQv8hVA8Gt3tzx7KkcQhRdBZ4EWQQBCd4RO/oe8yViCoglK4DTx5
> 7RIhTqLeHABZDy0SAisWXUxlv0ajRP5tgSSQEeD0kUe/3DEJQjOuKyCL9WFzwxQU
> iFesIYvnE+Lu0759nwkUYTPqY7E5wZeTZyHwl/wnZLGuMzzZLwe4USeZ3QLCieLc
> /MSfivIy3VJL8NbPLCtQ2V9zVEht8ljB/D+Sb1zLfc+0jY/OCmWux3ws7KQ6UwdA
> pkQheiJaOpnJkxDxwS4yH3dQhr6tFEMO1nOKw40v4TJP3Gvycc/BzCt0zVZV2EcJ
> QhQaQJOLG3qtkNz65ybM91MwqnSjDngeVzsEw1zyHIQt497hO8D3jaaMgsSrtAZe
> K4kG6Mj+ZcptD4E+FwABdFix/XOhpjdOXlGO/LSmXq0rnpOw0aQOrcadTeUVOrWg
> OiLmHbqTJ8U0d7Tys0rEVGi1qdi+z6R5KQ37gXFv6LmC5EjOLkjSlfr26OuHh4JW
> AM+vdYLS3qmiX/Ymo44g
> =BtTh
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Where are my non-persistent sessions stored ?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Sreyan,
On 4/23/15 9:24 AM, Sreyan Chakravarty wrote:
> I beg to differ but every time a new request is sent to the server,
> Tomcat creates a new session for it. So yes Tomcat creates a
> session even if the application does not ask for it.
This is not true.
If you can demonstrate that Tomcat is creating sessions that should be
created, please provide a small example that does so.
> Every unique session generates an unique session id on the server.
I should hope so.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVOkNzAAoJEBzwKT+lPKRYxqYQALqzGKeZF/9IXzpuBd91h9oi
fdNBncyrRuMUvN85hzTUl+ry9vevzN4nHZEzN2+oQUzO/+O7gFiET+dQYxR69bl5
A/eL/6pZiXoZQlpuRapVuRQmhphf/7tgQdLolhAXxt8GSeKuYd9fRBK4+cD4o9vZ
udGhhbJzkZ8nKQv8hVA8Gt3tzx7KkcQhRdBZ4EWQQBCd4RO/oe8yViCoglK4DTx5
7RIhTqLeHABZDy0SAisWXUxlv0ajRP5tgSSQEeD0kUe/3DEJQjOuKyCL9WFzwxQU
iFesIYvnE+Lu0759nwkUYTPqY7E5wZeTZyHwl/wnZLGuMzzZLwe4USeZ3QLCieLc
/MSfivIy3VJL8NbPLCtQ2V9zVEht8ljB/D+Sb1zLfc+0jY/OCmWux3ws7KQ6UwdA
pkQheiJaOpnJkxDxwS4yH3dQhr6tFEMO1nOKw40v4TJP3Gvycc/BzCt0zVZV2EcJ
QhQaQJOLG3qtkNz65ybM91MwqnSjDngeVzsEw1zyHIQt497hO8D3jaaMgsSrtAZe
K4kG6Mj+ZcptD4E+FwABdFix/XOhpjdOXlGO/LSmXq0rnpOw0aQOrcadTeUVOrWg
OiLmHbqTJ8U0d7Tys0rEVGi1qdi+z6R5KQ37gXFv6LmC5EjOLkjSlfr26OuHh4JW
AM+vdYLS3qmiX/Ymo44g
=BtTh
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Where are my non-persistent sessions stored ?
Posted by Mark Thomas <ma...@apache.org>.
On 23/04/2015 14:24, Sreyan Chakravarty wrote:
> I beg to differ but every time a new request is sent to the server, Tomcat
> creates a new session for it.
Not correct.
> So yes Tomcat creates a session even if the application does not ask for it.
Also not correct.
> Every unique session generates an unique session id on the server.
Yes, every session has a unique ID.
Mark
>
> On Wed, Jan 21, 2015 at 1:06 PM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 21/01/2015 06:04, sreyan32@gmail.com wrote:
>>> Is there any way for stopping sessions to be created for each
>>> “first-time” GET request to an ordinary page ?
>>
>> Don't create a session in that page. Tomcat doesn't create a session
>> unless the application asks for it.
>>
>> Note:
>> - JSP pages create sessions by default but this behaviour is configurable.
>> - FORM auth requires a session in order to work
>>
>> Mark
>>
>>
>>> Because doesn't it
>>> seem redundant that even if the developer is not using the session,
>>> the server will still create one ?
>>>
>>>
>>> A real life popular website has millions of users at a time. So how
>>> come the server is not overloaded by sessions ?
>>>
>>>
>>>
>>>
>>>
>>>
>>> Regards Sreyan Chakravarty
>>>
>>>
>>>
>>>
>>>
>>> From: Christopher Schultz Sent: Sunday, January 18, 2015
>>> 12:28 AM To: Tomcat Users List
>>>
>>>
>>>
>>>
>>>
>>> Sreyan,
>>>
>>> On 1/17/15 12:45 PM, sreyan32@gmail.com wrote:
>>>> I am new to Tomcat and interested in learning how to works
>>>> internally. I was reading the following thread on JavaRanch but it
>>>> did not give a concrete answer-:
>>>
>>>> http://www.coderanch.com/t/467039/Tomcat/sessions-stored
>>>
>>> Tim Holloway answered this in the second response on "10/19/2009
>>> 5:48:56 AM".
>>>
>>>> Does the container use an Array-List or a HashMap to store the
>>>> HTTPSessions?
>>>
>>> The servlet specification does not mandate any particular storage
>>> mechanism, so the container is free to decide what is best.
>>>
>>>> What is the limit of the maximum sessions?
>>>
>>> There is a very large theoretical maximum of (Integer.MAX_VALUE/2) *
>>> Integer.MAX_VALUE because String values (session ids) are limited to
>>> MAX_VALUE characters and characters are identified by integers. But
>>> you'll run out of storage (or any kind) way before that.
>>>
>>>> Are the sessions stored in RAM?
>>>
>>> The servlet specification does not mandate any particular storage
>>> mechanism, so the container is free to decide what is best.
>>>
>>> In Tomcat, sessions are stored in memory (Java heap) by default.
>>> There are other mechanisms that can persist session information to
>>> various places. The standard manager will persist sessions to the
>>> disk during webapp reloads, but otherwise the sessions reside
>>> exclusively in memory.
>>>
>>>> I am aware that persistent sessions will need a data-store/database
>>>> to the sessions. But how does it handle the non persistent ones ?
>>>
>>> I encourage you to look at the source for StandardManager if you
>>> want to really know what's going on.
>>>
>>>> I have also consulted-:
>>>> http://tomcat.apache.org/tomcat-8.0-doc/config/manager.html
>>>
>>>> But this too failed to give the location of non-persistent
>>>> sessions.
>>>
>>> Java heap memory.
>>>
>>>> Anyone who does Tomcat development and meddles around with the
>>>> source, there feedback will be highly appreciated.
>>>
>>> Check the source code. Start with
>>> org.apache.catalina.session.StandardManager
>>>
>>> -chris
>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Where are my non-persistent sessions stored ?
Posted by Sreyan Chakravarty <sr...@gmail.com>.
I beg to differ but every time a new request is sent to the server, Tomcat
creates a new session for it. So yes Tomcat creates a session even if the
application does not ask for it. Every unique session generates an unique
session id on the server.
On Wed, Jan 21, 2015 at 1:06 PM, Mark Thomas <ma...@apache.org> wrote:
> On 21/01/2015 06:04, sreyan32@gmail.com wrote:
> > Is there any way for stopping sessions to be created for each
> > “first-time” GET request to an ordinary page ?
>
> Don't create a session in that page. Tomcat doesn't create a session
> unless the application asks for it.
>
> Note:
> - JSP pages create sessions by default but this behaviour is configurable.
> - FORM auth requires a session in order to work
>
> Mark
>
>
> > Because doesn't it
> > seem redundant that even if the developer is not using the session,
> > the server will still create one ?
> >
> >
> > A real life popular website has millions of users at a time. So how
> > come the server is not overloaded by sessions ?
> >
> >
> >
> >
> >
> >
> > Regards Sreyan Chakravarty
> >
> >
> >
> >
> >
> > From: Christopher Schultz Sent: Sunday, January 18, 2015
> > 12:28 AM To: Tomcat Users List
> >
> >
> >
> >
> >
> > Sreyan,
> >
> > On 1/17/15 12:45 PM, sreyan32@gmail.com wrote:
> >> I am new to Tomcat and interested in learning how to works
> >> internally. I was reading the following thread on JavaRanch but it
> >> did not give a concrete answer-:
> >
> >> http://www.coderanch.com/t/467039/Tomcat/sessions-stored
> >
> > Tim Holloway answered this in the second response on "10/19/2009
> > 5:48:56 AM".
> >
> >> Does the container use an Array-List or a HashMap to store the
> >> HTTPSessions?
> >
> > The servlet specification does not mandate any particular storage
> > mechanism, so the container is free to decide what is best.
> >
> >> What is the limit of the maximum sessions?
> >
> > There is a very large theoretical maximum of (Integer.MAX_VALUE/2) *
> > Integer.MAX_VALUE because String values (session ids) are limited to
> > MAX_VALUE characters and characters are identified by integers. But
> > you'll run out of storage (or any kind) way before that.
> >
> >> Are the sessions stored in RAM?
> >
> > The servlet specification does not mandate any particular storage
> > mechanism, so the container is free to decide what is best.
> >
> > In Tomcat, sessions are stored in memory (Java heap) by default.
> > There are other mechanisms that can persist session information to
> > various places. The standard manager will persist sessions to the
> > disk during webapp reloads, but otherwise the sessions reside
> > exclusively in memory.
> >
> >> I am aware that persistent sessions will need a data-store/database
> >> to the sessions. But how does it handle the non persistent ones ?
> >
> > I encourage you to look at the source for StandardManager if you
> > want to really know what's going on.
> >
> >> I have also consulted-:
> >> http://tomcat.apache.org/tomcat-8.0-doc/config/manager.html
> >
> >> But this too failed to give the location of non-persistent
> >> sessions.
> >
> > Java heap memory.
> >
> >> Anyone who does Tomcat development and meddles around with the
> >> source, there feedback will be highly appreciated.
> >
> > Check the source code. Start with
> > org.apache.catalina.session.StandardManager
> >
> > -chris
> >
> > ---------------------------------------------------------------------
> >
> >
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Where are my non-persistent sessions stored ?
Posted by Mark Thomas <ma...@apache.org>.
On 21/01/2015 06:04, sreyan32@gmail.com wrote:
> Is there any way for stopping sessions to be created for each
> “first-time” GET request to an ordinary page ?
Don't create a session in that page. Tomcat doesn't create a session
unless the application asks for it.
Note:
- JSP pages create sessions by default but this behaviour is configurable.
- FORM auth requires a session in order to work
Mark
> Because doesn't it
> seem redundant that even if the developer is not using the session,
> the server will still create one ?
>
>
> A real life popular website has millions of users at a time. So how
> come the server is not overloaded by sessions ?
>
>
>
>
>
>
> Regards Sreyan Chakravarty
>
>
>
>
>
> From: Christopher Schultz Sent: Sunday, January 18, 2015
> 12:28 AM To: Tomcat Users List
>
>
>
>
>
> Sreyan,
>
> On 1/17/15 12:45 PM, sreyan32@gmail.com wrote:
>> I am new to Tomcat and interested in learning how to works
>> internally. I was reading the following thread on JavaRanch but it
>> did not give a concrete answer-:
>
>> http://www.coderanch.com/t/467039/Tomcat/sessions-stored
>
> Tim Holloway answered this in the second response on "10/19/2009
> 5:48:56 AM".
>
>> Does the container use an Array-List or a HashMap to store the
>> HTTPSessions?
>
> The servlet specification does not mandate any particular storage
> mechanism, so the container is free to decide what is best.
>
>> What is the limit of the maximum sessions?
>
> There is a very large theoretical maximum of (Integer.MAX_VALUE/2) *
> Integer.MAX_VALUE because String values (session ids) are limited to
> MAX_VALUE characters and characters are identified by integers. But
> you'll run out of storage (or any kind) way before that.
>
>> Are the sessions stored in RAM?
>
> The servlet specification does not mandate any particular storage
> mechanism, so the container is free to decide what is best.
>
> In Tomcat, sessions are stored in memory (Java heap) by default.
> There are other mechanisms that can persist session information to
> various places. The standard manager will persist sessions to the
> disk during webapp reloads, but otherwise the sessions reside
> exclusively in memory.
>
>> I am aware that persistent sessions will need a data-store/database
>> to the sessions. But how does it handle the non persistent ones ?
>
> I encourage you to look at the source for StandardManager if you
> want to really know what's going on.
>
>> I have also consulted-:
>> http://tomcat.apache.org/tomcat-8.0-doc/config/manager.html
>
>> But this too failed to give the location of non-persistent
>> sessions.
>
> Java heap memory.
>
>> Anyone who does Tomcat development and meddles around with the
>> source, there feedback will be highly appreciated.
>
> Check the source code. Start with
> org.apache.catalina.session.StandardManager
>
> -chris
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Where are my non-persistent sessions stored ?
Posted by sr...@gmail.com.
Is there any way for stopping sessions to be created for each “first-time” GET request to an ordinary page ? Because doesn't it seem redundant that even if the developer is not using the session, the server will still create one ?
A real life popular website has millions of users at a time. So how come the server is not overloaded by sessions ?
Regards
Sreyan Chakravarty
From: Christopher Schultz
Sent: Sunday, January 18, 2015 12:28 AM
To: Tomcat Users List
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Sreyan,
On 1/17/15 12:45 PM, sreyan32@gmail.com wrote:
> I am new to Tomcat and interested in learning how to works
> internally. I was reading the following thread on JavaRanch but it
> did not give a concrete answer-:
>
> http://www.coderanch.com/t/467039/Tomcat/sessions-stored
Tim Holloway answered this in the second response on "10/19/2009
5:48:56 AM".
> Does the container use an Array-List or a HashMap to store the
> HTTPSessions?
The servlet specification does not mandate any particular storage
mechanism, so the container is free to decide what is best.
> What is the limit of the maximum sessions?
There is a very large theoretical maximum of (Integer.MAX_VALUE/2) *
Integer.MAX_VALUE because String values (session ids) are limited to
MAX_VALUE characters and characters are identified by integers. But
you'll run out of storage (or any kind) way before that.
> Are the sessions stored in RAM?
The servlet specification does not mandate any particular storage
mechanism, so the container is free to decide what is best.
In Tomcat, sessions are stored in memory (Java heap) by default. There
are other mechanisms that can persist session information to various
places. The standard manager will persist sessions to the disk during
webapp reloads, but otherwise the sessions reside exclusively in memory.
> I am aware that persistent sessions will need a
> data-store/database to the sessions. But how does it handle the non
> persistent ones ?
I encourage you to look at the source for StandardManager if you want
to really know what's going on.
> I have also consulted-:
> http://tomcat.apache.org/tomcat-8.0-doc/config/manager.html
>
> But this too failed to give the location of non-persistent
> sessions.
Java heap memory.
> Anyone who does Tomcat development and meddles around with the
> source, there feedback will be highly appreciated.
Check the source code. Start with
org.apache.catalina.session.StandardManager
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJUurDmAAoJEBzwKT+lPKRYXaAQALx2GJgHjYNaj24WymwvkOoX
sf1r4e7jQJyKvAMvlDqw5nyULlnCgP+ty2Eti/zEJSadQpvFvJwq+eImtYEWONsF
Ox0Mi8wVHZgoe8sOFowUY+Jh3QlNBf+fa0y/6zszMvxmO4oajXNOwVq/tqzPlTvb
ta2LiGhj+bqcuklS45sBNG29MRXYLV4bwXm0SOSBTUhpA2f3HGvcDFJ7jSlPbChC
4xb9jObhOzdrrFAK06Wytnfebv0jp9InibT6/UoHOkv4CI7nzcwIAULYL+lhjHUx
6qrKwkQBd00F+jdzwquhREEKIIhIoPrYuEI/PlXNz2km+INIVVbQP+VqbFh0YQn8
8N5Ik8qOBPxZfAbSSFYfLHWS/2BxNQJ4KpK7bdek9G+uOMppcd6R5c+d931r9xAm
HOMor8dl087tT56kDGt0gASNxAniIuguN5pU/69xSeWC7/545IcNwfcXZSmBuzd+
ypoa0rict6SiVRxtVxfg61LjhSfCnkfbxbSSuIJsipvPB/4WLYF3PMDrRT+frQWI
zlUr3Ithy2RAUyplC4jxuK8czV+a2Kl8iCdSJW0C1lL4BKeu/C5DSNA7ajd2dmoe
T27DzHBBWqJJ3Kmy4uyRL7T8XXgh5Ut//vwKPq+JmtYesqU397CR1MPB2H+DyXGv
Ubbs7yND+vMkpozn9M9+
=bsUx
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Where are my non-persistent sessions stored ?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Sreyan,
On 1/17/15 12:45 PM, sreyan32@gmail.com wrote:
> I am new to Tomcat and interested in learning how to works
> internally. I was reading the following thread on JavaRanch but it
> did not give a concrete answer-:
>
> http://www.coderanch.com/t/467039/Tomcat/sessions-stored
Tim Holloway answered this in the second response on "10/19/2009
5:48:56 AM".
> Does the container use an Array-List or a HashMap to store the
> HTTPSessions?
The servlet specification does not mandate any particular storage
mechanism, so the container is free to decide what is best.
> What is the limit of the maximum sessions?
There is a very large theoretical maximum of (Integer.MAX_VALUE/2) *
Integer.MAX_VALUE because String values (session ids) are limited to
MAX_VALUE characters and characters are identified by integers. But
you'll run out of storage (or any kind) way before that.
> Are the sessions stored in RAM?
The servlet specification does not mandate any particular storage
mechanism, so the container is free to decide what is best.
In Tomcat, sessions are stored in memory (Java heap) by default. There
are other mechanisms that can persist session information to various
places. The standard manager will persist sessions to the disk during
webapp reloads, but otherwise the sessions reside exclusively in memory.
> I am aware that persistent sessions will need a
> data-store/database to the sessions. But how does it handle the non
> persistent ones ?
I encourage you to look at the source for StandardManager if you want
to really know what's going on.
> I have also consulted-:
> http://tomcat.apache.org/tomcat-8.0-doc/config/manager.html
>
> But this too failed to give the location of non-persistent
> sessions.
Java heap memory.
> Anyone who does Tomcat development and meddles around with the
> source, there feedback will be highly appreciated.
Check the source code. Start with
org.apache.catalina.session.StandardManager
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJUurDmAAoJEBzwKT+lPKRYXaAQALx2GJgHjYNaj24WymwvkOoX
sf1r4e7jQJyKvAMvlDqw5nyULlnCgP+ty2Eti/zEJSadQpvFvJwq+eImtYEWONsF
Ox0Mi8wVHZgoe8sOFowUY+Jh3QlNBf+fa0y/6zszMvxmO4oajXNOwVq/tqzPlTvb
ta2LiGhj+bqcuklS45sBNG29MRXYLV4bwXm0SOSBTUhpA2f3HGvcDFJ7jSlPbChC
4xb9jObhOzdrrFAK06Wytnfebv0jp9InibT6/UoHOkv4CI7nzcwIAULYL+lhjHUx
6qrKwkQBd00F+jdzwquhREEKIIhIoPrYuEI/PlXNz2km+INIVVbQP+VqbFh0YQn8
8N5Ik8qOBPxZfAbSSFYfLHWS/2BxNQJ4KpK7bdek9G+uOMppcd6R5c+d931r9xAm
HOMor8dl087tT56kDGt0gASNxAniIuguN5pU/69xSeWC7/545IcNwfcXZSmBuzd+
ypoa0rict6SiVRxtVxfg61LjhSfCnkfbxbSSuIJsipvPB/4WLYF3PMDrRT+frQWI
zlUr3Ithy2RAUyplC4jxuK8czV+a2Kl8iCdSJW0C1lL4BKeu/C5DSNA7ajd2dmoe
T27DzHBBWqJJ3Kmy4uyRL7T8XXgh5Ut//vwKPq+JmtYesqU397CR1MPB2H+DyXGv
Ubbs7yND+vMkpozn9M9+
=bsUx
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org