You are viewing a plain text version of this content. The canonical link for it is here.

Posted to soap-dev@ws.apache.org by "Pradhan, Chirag" <Ch...@VerizonWireless.com> on 2002/07/30 23:58:38 UTC

Request Scope does not invalidate the session at the end of the r equest, long-lived sessions hang until timeout causing out-of-sessions er ror.

We did a test using Apache SOAP and Tomcat server.

We set the session timeout to 15 minutes.
We set number of sessions to 10
We set the scope of the deployed service to "Request"

We ran a client connecting 20 times and got "Null pointer" exceptions after
the 10th call.  The log indicted that we had run out of sessions.

When we looked in the code, we saw that the session is never invalidated
after the request completes (it should be invalidated in a finally block).
This gives the effect of "Request" scope hanging around until the session
times out.  Since the apps set with "Request" scope can't be accesses, you
have dead sessions hanging around until the session times out.

We have modified the RPCRouterServlet class to invalidate session if the
scope is "Request".  When testing this by looking at the SOAP sessions from
the manager/list servlet, the sessions no longer consumes all available
sessions.

Can a developer validate this assumption?  Also, if it is an error, when
might the code be patched and released.  Is anyone else having this problem?
And is this the right place to submit a bug/code change??

See attached code.

 <<RPCRouterServlet.java>>

Re: Request Scope does not invalidate the session at the end of the request, long-lived sessions hang until timeout causing out-of-sessions error.

Posted by Scott Nichol <sn...@scottnichol.com>.

I have just checked in some code to address both the NPE and the need to be
able to specify that sessions should not be created for a service.  To
suppress session creation for your service, add an element

<isd:option key="SessionRequired" value="false/>

as a child to the <isd:provider> in your deployment descriptor.  For
example, the deployment descriptor for the addressbook sample would be

<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment"
             id="urn:AddressFetcher">
  <isd:provider type="java"
                scope="Application"
                methods="getAddressFromName addEntry getAllListings
putListings">
    <isd:java class="samples.addressbook.AddressBook" static="false"/>
    <isd:option key="SessionRequired" value="false"/>
  </isd:provider>


<isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListene
r>

  <isd:mappings>
    <isd:map encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
             xmlns:x="urn:xml-soap-address-demo" qname="x:address"
             javaType="samples.addressbook.Address"

java2XMLClassName="org.apache.soap.encoding.soapenc.BeanSerializer"

xml2JavaClassName="org.apache.soap.encoding.soapenc.BeanSerializer"/>
    <isd:map encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
             xmlns:x="urn:xml-soap-address-demo" qname="x:phone"
             javaType="samples.addressbook.PhoneNumber"

java2XMLClassName="org.apache.soap.encoding.soapenc.BeanSerializer"

xml2JavaClassName="org.apache.soap.encoding.soapenc.BeanSerializer"/>
  </isd:mappings>
</isd:service>

To use this capability, of course, you need to get the latest source from
CVS or grab a new nightly build.

Scott Nichol

----- Original Message -----
From: "Pradhan, Chirag" <Ch...@VerizonWireless.com>
To: <so...@xml.apache.org>
Sent: Tuesday, July 30, 2002 5:58 PM
Subject: Request Scope does not invalidate the session at the end of the
request, long-lived sessions hang until timeout causing out-of-sessions
error.


We did a test using Apache SOAP and Tomcat server.

We set the session timeout to 15 minutes.
We set number of sessions to 10
We set the scope of the deployed service to "Request"

We ran a client connecting 20 times and got "Null pointer" exceptions after
the 10th call.  The log indicted that we had run out of sessions.

When we looked in the code, we saw that the session is never invalidated
after the request completes (it should be invalidated in a finally block).
This gives the effect of "Request" scope hanging around until the session
times out.  Since the apps set with "Request" scope can't be accesses, you
have dead sessions hanging around until the session times out.

We have modified the RPCRouterServlet class to invalidate session if the
scope is "Request".  When testing this by looking at the SOAP sessions from
the manager/list servlet, the sessions no longer consumes all available
sessions.

Can a developer validate this assumption?  Also, if it is an error, when
might the code be patched and released.  Is anyone else having this problem?
And is this the right place to submit a bug/code change??

See attached code.

 <<RPCRouterServlet.java>>




----------------------------------------------------------------------------
----


--
To unsubscribe, e-mail:   <ma...@xml.apache.org>
For additional commands, e-mail: <ma...@xml.apache.org>


--
To unsubscribe, e-mail:   <ma...@xml.apache.org>
For additional commands, e-mail: <ma...@xml.apache.org>

Re: Request Scope does not invalidate the session at the end of the request, long-lived sessions hang until timeout causing out-of-sessions error.

Posted by Scott Nichol <sn...@scottnichol.com>.

The NPE you are experiencing definitely qualifies as a bug and should be
fixed.

IMO, the out-of-sessions error is a configuration problem for you.  Apache
SOAP always creates sessions.  You can minimize the number of sessions
created by re-using a single SOAPHTTPConnection across multiple calls, so
that the session will remain active, and the server will not create a new
session for every call.

Your method of invalidating the session works for you, but it is not good in
general for Apache SOAP users.  For one thing, it is quite possible to make
a mixture of application, session and request scope calls on a single
SOAPHTTPConnection.  Invalidating the session for each request scope call
would cause a new session to be created for a subsequent session scope call.
Additionally, it is still possible for a scope level service to use the
session to store state.  The scope merely controls the instantiation and
synchronization of the service class.  Sessions still exist within the
servlet container, and the service class is free to use them.

The timing of your e-mail is good, however, as I was noticing the overhead
of session creation on various servlet containers, and have been thinking
about a means to optionally suppress session creation for a service.  I may
post a change related to this within the next couple of days.

Scott Nichol

----- Original Message -----
From: "Pradhan, Chirag" <Ch...@VerizonWireless.com>
To: <so...@xml.apache.org>
Sent: Tuesday, July 30, 2002 5:58 PM
Subject: Request Scope does not invalidate the session at the end of the
request, long-lived sessions hang until timeout causing out-of-sessions
error.


> We did a test using Apache SOAP and Tomcat server.
>
> We set the session timeout to 15 minutes.
> We set number of sessions to 10
> We set the scope of the deployed service to "Request"
>
> We ran a client connecting 20 times and got "Null pointer" exceptions
after
> the 10th call.  The log indicted that we had run out of sessions.
>
> When we looked in the code, we saw that the session is never invalidated
> after the request completes (it should be invalidated in a finally block).
> This gives the effect of "Request" scope hanging around until the session
> times out.  Since the apps set with "Request" scope can't be accesses, you
> have dead sessions hanging around until the session times out.
>
> We have modified the RPCRouterServlet class to invalidate session if the
> scope is "Request".  When testing this by looking at the SOAP sessions
from
> the manager/list servlet, the sessions no longer consumes all available
> sessions.
>
> Can a developer validate this assumption?  Also, if it is an error, when
> might the code be patched and released.  Is anyone else having this
problem?
> And is this the right place to submit a bug/code change??
>
> See attached code.
>
>  <<RPCRouterServlet.java>>
>
>


----------------------------------------------------------------------------
----


> --
> To unsubscribe, e-mail:   <ma...@xml.apache.org>
> For additional commands, e-mail: <ma...@xml.apache.org>

Re: Request Scope does not invalidate the session at the end of the request, long-lived sessions hang until timeout causing out-of-sessions error.

Posted by Scott Nichol <sn...@scottnichol.com>.

The NPE you are experiencing definitely qualifies as a bug and should be
fixed.

IMO, the out-of-sessions error is a configuration problem for you.  Apache
SOAP always creates sessions.  You can minimize the number of sessions
created by re-using a single SOAPHTTPConnection across multiple calls, so
that the session will remain active, and the server will not create a new
session for every call.

Your method of invalidating the session works for you, but it is not good in
general for Apache SOAP users.  For one thing, it is quite possible to make
a mixture of application, session and request scope calls on a single
SOAPHTTPConnection.  Invalidating the session for each request scope call
would cause a new session to be created for a subsequent session scope call.
Additionally, it is still possible for a scope level service to use the
session to store state.  The scope merely controls the instantiation and
synchronization of the service class.  Sessions still exist within the
servlet container, and the service class is free to use them.

The timing of your e-mail is good, however, as I was noticing the overhead
of session creation on various servlet containers, and have been thinking
about a means to optionally suppress session creation for a service.  I may
post a change related to this within the next couple of days.

Scott Nichol

----- Original Message -----
From: "Pradhan, Chirag" <Ch...@VerizonWireless.com>
To: <so...@xml.apache.org>
Sent: Tuesday, July 30, 2002 5:58 PM
Subject: Request Scope does not invalidate the session at the end of the
request, long-lived sessions hang until timeout causing out-of-sessions
error.


> We did a test using Apache SOAP and Tomcat server.
>
> We set the session timeout to 15 minutes.
> We set number of sessions to 10
> We set the scope of the deployed service to "Request"
>
> We ran a client connecting 20 times and got "Null pointer" exceptions
after
> the 10th call.  The log indicted that we had run out of sessions.
>
> When we looked in the code, we saw that the session is never invalidated
> after the request completes (it should be invalidated in a finally block).
> This gives the effect of "Request" scope hanging around until the session
> times out.  Since the apps set with "Request" scope can't be accesses, you
> have dead sessions hanging around until the session times out.
>
> We have modified the RPCRouterServlet class to invalidate session if the
> scope is "Request".  When testing this by looking at the SOAP sessions
from
> the manager/list servlet, the sessions no longer consumes all available
> sessions.
>
> Can a developer validate this assumption?  Also, if it is an error, when
> might the code be patched and released.  Is anyone else having this
problem?
> And is this the right place to submit a bug/code change??
>
> See attached code.
>
>  <<RPCRouterServlet.java>>
>
>


----------------------------------------------------------------------------
----


> --
> To unsubscribe, e-mail:   <ma...@xml.apache.org>
> For additional commands, e-mail: <ma...@xml.apache.org>


--
To unsubscribe, e-mail:   <ma...@xml.apache.org>
For additional commands, e-mail: <ma...@xml.apache.org>

Re: Request Scope does not invalidate the session at the end of the request, long-lived sessions hang until timeout causing out-of-sessions error.

Posted by Scott Nichol <sn...@scottnichol.com>.

I have just checked in some code to address both the NPE and the need to be
able to specify that sessions should not be created for a service.  To
suppress session creation for your service, add an element

<isd:option key="SessionRequired" value="false/>

as a child to the <isd:provider> in your deployment descriptor.  For
example, the deployment descriptor for the addressbook sample would be

<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment"
             id="urn:AddressFetcher">
  <isd:provider type="java"
                scope="Application"
                methods="getAddressFromName addEntry getAllListings
putListings">
    <isd:java class="samples.addressbook.AddressBook" static="false"/>
    <isd:option key="SessionRequired" value="false"/>
  </isd:provider>


<isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListene
r>

  <isd:mappings>
    <isd:map encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
             xmlns:x="urn:xml-soap-address-demo" qname="x:address"
             javaType="samples.addressbook.Address"

java2XMLClassName="org.apache.soap.encoding.soapenc.BeanSerializer"

xml2JavaClassName="org.apache.soap.encoding.soapenc.BeanSerializer"/>
    <isd:map encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
             xmlns:x="urn:xml-soap-address-demo" qname="x:phone"
             javaType="samples.addressbook.PhoneNumber"

java2XMLClassName="org.apache.soap.encoding.soapenc.BeanSerializer"

xml2JavaClassName="org.apache.soap.encoding.soapenc.BeanSerializer"/>
  </isd:mappings>
</isd:service>

To use this capability, of course, you need to get the latest source from
CVS or grab a new nightly build.

Scott Nichol

----- Original Message -----
From: "Pradhan, Chirag" <Ch...@VerizonWireless.com>
To: <so...@xml.apache.org>
Sent: Tuesday, July 30, 2002 5:58 PM
Subject: Request Scope does not invalidate the session at the end of the
request, long-lived sessions hang until timeout causing out-of-sessions
error.


We did a test using Apache SOAP and Tomcat server.

We set the session timeout to 15 minutes.
We set number of sessions to 10
We set the scope of the deployed service to "Request"

We ran a client connecting 20 times and got "Null pointer" exceptions after
the 10th call.  The log indicted that we had run out of sessions.

When we looked in the code, we saw that the session is never invalidated
after the request completes (it should be invalidated in a finally block).
This gives the effect of "Request" scope hanging around until the session
times out.  Since the apps set with "Request" scope can't be accesses, you
have dead sessions hanging around until the session times out.

We have modified the RPCRouterServlet class to invalidate session if the
scope is "Request".  When testing this by looking at the SOAP sessions from
the manager/list servlet, the sessions no longer consumes all available
sessions.

Can a developer validate this assumption?  Also, if it is an error, when
might the code be patched and released.  Is anyone else having this problem?
And is this the right place to submit a bug/code change??

See attached code.

 <<RPCRouterServlet.java>>




----------------------------------------------------------------------------
----


--
To unsubscribe, e-mail:   <ma...@xml.apache.org>
For additional commands, e-mail: <ma...@xml.apache.org>