How to monitor and delete timed out sessions in Tomcat

Preface

I accidentally discovered that the half-hour Tomcat session time does not mean that after the session is created, it is only valid for half an hour, but that the session will be deleted after being idle for half an hour. I just flipped through the source code. Did some tidying up.

Note: Idle time refers to the interval between two requests in the same session.

Session related class diagram

• HttpSession is the Session that can be used directly by the Servlet layer.
• Session is an interface used internally by Tomcat, which can perform some internal calls
• StandardSession is a standard HttpSession implementation. It also implements the Session interface for internal management of Tomcat.
• StandardSessionFacade, the class name has already indicated that it is a "facade class", which internally references a StandardSession object, but only provides the methods specified by HttpSession to the outside world.

Manager related class diagram

StandardManager and PersitentManager are both implementations of Manager, but they differ in the way they store Session objects.

StandarManager

1. When Tomcat is running, the Session is stored in memory

2. When Tomcat is shut down (note that it is a normal shutdown operation, not a sudden crash), the Session will be written to the disk and loaded again after Tomcat is restarted.

PersistentManager

1. Always store the Session on disk.

Relationship between Manager and Context

In Tomcat, a Context is an application (Webapp) deployed to Tomcat. Each Context has a separate Manager object to manage the session information of the application.

How Manager Stores Sessions

The Manager object uses a Map to store Session objects

• Key => SessionId
• Value => Session Object

 /**
  * The set of currently active Sessions for this Manager, keyed by
  * session identifier.
  */
 protected Map<String, Session> sessions = new ConcurrentHashMap<>();

When a request arrives at the Context, if it carries a JSESSIONID cookie, the Manager can find the associated Session object and put it into the Request object.

Periodic Inspection of Manager

The Manager interface has a backgroundProcess() method, which, as the name suggests, is background processing.

/**
  * This method will be invoked by the context/container on a periodic
  * basis and allows the manager to implement
  * a method that executes periodic tasks, such as expiring sessions etc.
  */
 public void backgroundProcess();

Note: The Container interface also has this method. This method usually starts an additional thread to execute the backgroundProcess method when the container is started. After this method of Context is started, the backgroundProcess methods of Loader and Manager will be executed.

Let's take a look at what this method does?

/**
 * {@inheritDoc}
 * <p>
 * Direct call to {@link #processExpires()}
 */
@Override
public void backgroundProcess() {
 count = (count + 1) % processExpiresFrequency;
 if (count == 0) //If the check frequency is reached, start checking processExpires();
}

/**
 * Invalidate all sessions that have expired.
 */
public void processExpires() {

 long timeNow = System.currentTimeMillis();
 Session sessions[] = findSessions(); //Get all session objects int expireHere = 0 ; //Number of expired sessions, don't be fooled by this variable name if(log.isDebugEnabled())
  log.debug("Start expire sessions " + getName() + " at " + timeNow + " sessioncount " + sessions.length);
 for (int i = 0; i < sessions.length; i++) {
  if (sessions[i]!=null && !sessions[i].isValid()) {
   expireHere++;
  }
 }
 long timeEnd = System.currentTimeMillis();
 if(log.isDebugEnabled()) //Print records log.debug("End expire sessions " + getName() + " processingTime " + (timeEnd - timeNow) + " expired sessions: " + expireHere);
 processingTime += ( timeEnd - timeNow );

}

Many people may have the same doubts as me when seeing this, that is, there is no operation to make the Session expire, it seems that only a status check is done. But later I saw the implementation of Session's isValid method and understood everything.

/**
 * Return the <code>isValid</code> flag for this session.
 */
@Override
public boolean isValid() {

 if (!this.isValid) {
  return false;
 }

 if (this.expiring) {
  return true;
 }

 if (ACTIVITY_CHECK && accessCount.get() > 0) {
  return true;
 }

 //The key point //If the maximum idle time is set, //get the idle time of this Session for judgment //If it has timed out, execute the expire operation if (maxInactiveInterval > 0) { 
  int timeIdle = (int) (getIdleTimeInternal() / 1000L);
  if (timeIdle >= maxInactiveInterval) {
   expire(true);
  }
 }

 return this.isValid;
}

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.