You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by sudip pattanayak <ge...@yahoo.co.in> on 2009/02/10 08:36:57 UTC

Tomcats Sessions not getting released

Hi,

We have an implementation where by we call the value unbound to release sessions for any users.

For any user which does not logoff from the previous session we logoff the user forcefully for the next session he tries to login.

But there are couple of instances not consistent though that the sessions instances remains active and the forcefull loggoff fails.....So far my understanding and the what the logs suggests that the Tomcat does not release the previous sessions....

Regards,
Sudip



      Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/

Re: Tomcats Sessions not getting released

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sudip,

On 2/11/2009 12:21 AM, sudip pattanayak wrote:
> Actually our design structure is such that we allow just one session
> for any user.

I understand.

> So when if a user is logged in any other system or he has not logged
> off the previous instance, and then again he tries to login then we
> tell the user that your session is already active, do you want
> forcefully loggoff or not, if he says yes then the the previous
> sessions are identified and we give a call to the normal logoff
> function.

I also understand this. I asked HOW you are accomplishing this. If you
are, for instance, keeping references to all sessions then you are
probably causing those sessions to remain in memory yourself, rather
than Tomcat doing something improper.

So, how do you identify a user's existing sessions? There is no servlet
API method that can do that. There is no servlet API method or set of
methods that allow you to even traverse all active sessions. So, you
must be doing some kind of storage of those sessions yourself. How? Post
code.

> But the problem comes when sometime this forcefull logoff fails. The
> session the user is logged in previously is not released when the
> forcefull logoff is called and therfore the function fails and  the
> subsequent login is not allowed.

How do you attempt to "forcefully logoff" the user? Be specific.

> In the logoff function we call the session ID is identified for the
> previous login of the user and at the same time value unbound is
> called so that the user is releases from the earlier session.

Do you mean you call:

oldSession.removeValue("user")

or something like that?

That's not a logout. That's just removing an attribute from the session
("value" became "attribute" nearly 10 years ago, btw).

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmS04YACgkQ9CaO5/Lv0PDw5wCfWqQuxCq+sku34jUzxluGO8hU
qKQAnRm/7USwGA0fvaNFdhcyeKyvgac4
=riu8
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcats Sessions not getting released

Posted by sudip pattanayak <ge...@yahoo.co.in>.
Hi Chirstopher,
 
Thanks for responding.
 
Actually our design structure is such that we allow just one session for any user.
 
So when if a user is logged in any other system or he has not logged off the previous instance, and then again he tries to login then we tell the user that your session is already active, do you want forcefully loggoff or not, if he says yes then the the previous sessions are identified and we give a call to the normal logoff function.
 
But the problem comes when sometime this forcefull logoff fails. The session the user is logged in previously is not released when the forcefull logoff is called and therfore the function fails and  the subsequent login is not allowed.
 
In the logoff function we call the session ID is identified for the previous login of the user and at the same time value unbound is called so that the user is releases from the earlier session.
 
Please let me know if you need any more info......
 
Thanks,
Sudip

--- On Wed, 11/2/09, Christopher Schultz <ch...@christopherschultz.net> wrote:

From: Christopher Schultz <ch...@christopherschultz.net>
Subject: Re: Tomcats Sessions not getting released
To: "Tomcat Users List" <us...@tomcat.apache.org>
Date: Wednesday, 11 February, 2009, 1:37 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sudip,

On 2/10/2009 2:36 AM, sudip pattanayak wrote:
> We have an implementation where by we call the value unbound to
> release sessions for any users.

Could you explain this in more detail?

> For any user which does not logoff from the previous session we
> logoff the user forcefully for the next session he tries to login.

How do you force a logoff? Do you store all created sessions somewhere?
If so, how and where do you store them?

> But there are couple of instances not consistent though that the
> sessions instances remains active and the forceful log-off
> fails.....So far my understanding and the what the logs suggests that
> the Tomcat does not release the previous sessions....

Again, how do you actually perform the "forceful log-off"?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmR3nUACgkQ9CaO5/Lv0PAvcACbBTZyzjveiLjBeqVDLCR8GFkR
ZcQAn1PjKnIN5Rcn/jWufrL8nIXQKSnI
=u9CY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org




      Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/

Re: Tomcats Sessions not getting released

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sudip,

On 2/10/2009 2:36 AM, sudip pattanayak wrote:
> We have an implementation where by we call the value unbound to
> release sessions for any users.

Could you explain this in more detail?

> For any user which does not logoff from the previous session we
> logoff the user forcefully for the next session he tries to login.

How do you force a logoff? Do you store all created sessions somewhere?
If so, how and where do you store them?

> But there are couple of instances not consistent though that the
> sessions instances remains active and the forceful log-off
> fails.....So far my understanding and the what the logs suggests that
> the Tomcat does not release the previous sessions....

Again, how do you actually perform the "forceful log-off"?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmR3nUACgkQ9CaO5/Lv0PAvcACbBTZyzjveiLjBeqVDLCR8GFkR
ZcQAn1PjKnIN5Rcn/jWufrL8nIXQKSnI
=u9CY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org