Topic: 如何解决TOMCAT无故使session失效? |
 Print this page
|
| 1.如何解决TOMCAT无故使session失效? | Copy to clipboard |
|
Posted by: edgeloner Posted on: 2003-08-18 21:16 公司一jsp项目已经使用半年,Tomcat 4.1.24 session周期设定为30分钟 最近老发生这样的情况, 用一会,无规律的session失效,有时候10多分钟,有时候1分钟不到,所有session集体失效. 是用filter检查有无登陆,也就是检查session. 所以很容易知道发生这样的情况. 苦恼阿,客户吊的厉害, 请高手帮忙!! | |
| 2.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ejb Posted on: 2003-08-19 09:52 通常有class update才会出现这种情况。 | |
| 3.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: edgeloner Posted on: 2003-08-19 21:38 没有, | |
| 4.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: jameszhang Posted on: 2003-08-19 22:01 会不会代码中有清除SESSION对象的语句使用不当呢? | |
| 5.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: yadan Posted on: 2003-08-20 13:20 我以前也遇到过这种情况,非常苦恼。 而且我还碰到html框架之间的session不同步的问题,一直没有解决。 望高人指点! 除了tomcat,大家都用什么比较便宜稳定的jsp/servlet服务器? | |
| 6.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: richart Posted on: 2003-08-20 14:17 看看你们实现的Java Bean 有没有 implements Serializable .... 最近我从事的一个项目,碰到过类似的问题。 尝试着 用weblogic8.1 Server发布一下你们的Application. 在weblogic下配置session有效时间,看看能否成功? | |
| 7.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: richart Posted on: 2003-08-20 14:26 最好看看 Serializable类 的用途。。。 | |
| 8.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: yung Posted on: 2003-08-20 16:43 和服务器关系不大! 我碰到的情况是和IE有关系。解决问题的关键是不能在地址栏直接输入 url地址,最好是弹出另外一个窗口, 如下: 建立一入口页面,其中的链接一定要这样写: <a href="http://ip:8080/myapp/" target=_blank><li>MyMIS系统</a> Try it! Good LUCK! | |
| 9.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: qilong2000 Posted on: 2003-08-21 10:08 换一个web服务器试一试,另外你可以增加session的监控代码,session失效的时候打印一些信息,这样方便检察,servlet2。3 已经支持session事件了,session失效的时候会触发事件,可能可以发现问题所在 | |
| 10.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: edgeloner Posted on: 2003-08-21 13:25 換服務器是最不實際的﹐跑了半年的項目誰敢能100%無縫轉到別的服務器﹐ 我在自己的机器上試驗過用resin還沒有跑完1/10流程﹐就出現亂碼啊等等 問題。 我現在的解決辦法是把東西保存在cookie﹐在登陸檢查的filter里面檢查 session和cookie﹐如果session為空cookie不為空就把cookie的東西裝進新 的session﹐客戶根本就不知道seession已經失效。退出登陸的時候把session和 cookie干掉。 而且很平滑﹐客戶再不抱怨無故被踢到登陸葉面了。 | |
| 11.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: floater Posted on: 2003-08-21 22:26 edgeloner wrote: How come?? a J2EE compliant application should be able to run on any j2ee compliant app server, not just another machine. I could port my applications to any machine within 2 hours.
Are you using different web applications(different wars, ears)?? If you try to crossing web app boundary, then yea, you will have session issue, and your way is one of the ways to solve this, but be careful about your cookie because others could steal it. | |
| 12.Re:如何解决TOMCAT无故使session失效? [Re: floater] | Copy to clipboard |
|
Posted by: edgeloner Posted on: 2003-08-21 22:58 如果做的规范且有考虑移植,当然可以很容易的转换server, 关键是你都不知道我们那项目有多破,我已经是第5个接手修理这烂东西了, 我接手到现在已经改了185个bug,真是恐怖阿. 不过也可以学到不少东西,: -) 项目并不算大就是个物流管理系统 我不敢去冒险,动则掉饭碗的事情. | |
| 13.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ftang Posted on: 2003-08-22 03:18 实际上,这个例子给出了一个session的设计问题,如何管理http session, 一直是web application一个头疼的问题,实际上你的问题应该是服务器的问题,但是给了coder一个很好的教训--难道所有的session真的能只依赖于memory和cookie吗 现在给出两种方案 1。 使用session listener,全面监管session的一举一动, 2。 使用数据库,在WAS 40是没有session failover的,也就是说 cluster环境里,一个服务器当了,在这个服务器上的所有用户 并不能fail到另一个机器上,为了解决这个问题,我们在check session 的时候特别向数据库备分来解决这个问题。 具体方案和源麻,如果谁有兴趣,可以email给我,大家讨论, shenr@wsaccess.com | |
| 14.Re:如何解决TOMCAT无故使session失效? [Re: ftang] | Copy to clipboard |
|
Posted by: floater Posted on: 2003-08-22 05:07 ftang wrote: No offense, no hard feeling, but I hate this idea, (more of an IBM style). session management should be out of the application scope, so is clustering. These are app server's job. | |
| 15.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ftang Posted on: 2003-08-22 21:37 But We ar not living in the perfect world, if the session management is out of application scope, and then we don't even have a talk here, and sync the session to database is not "weido" way, 60% website is doing this right now, why? because save the session in memory is not reliable, from microsoft shop to the java shop, reliable and performance trade off. then I tell u what IBM did to persistence the session, IBM WAS 5.0 invent a session called "distributed session" which means even the sever down, session still there, and once the server back, the session will be load into the web container, u know how they keep the persistence? database! if u sniffer the tcp/ip packets between the WAS and Database, you will find ur session informations fruquently transfer between two of them. last, I have some problem to express myself, when I say backup session to database, not means "write" mostly is "read", and now the new fashion way is the LDAP, for large traffic website, the designer should consider the LDAP server instead of Database to maintain the all the info about user... by the way, as System Designer, "hate" doesn't make any sense, I used to like u, hate to take responsibility which I should not handle, but hey, if the project fail, there is no way to blame on the platform, isn't it? | |
| 16.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: floater Posted on: 2003-08-22 23:13 Glad to know you didn't take my "hash" word the other way around. Here is my experience/what I know. 1. session management should be at least the controller's job, app server's job, SSO(Single sign on)'s job, or load balancer's job, because every application uses it. If it's a common service, then we should extract out. 2. Among these ways, I had pleasant experience with load balancer, but others are also pretty good ideas too. 3. Here is my reason that I hate saving session in db("hate" means that I do everything possible to avoid that,  ). I first saw this idea in WAS 3.5, which is using a db2 database for sessions. For God's sake, I didn't have a db2. I have WAS 5, but use it at a minimum level(=when I have to). It's not surprised to me IBm still uses this trick, although I heard they took it out in version 4 due to complaints for version 3.5. When I saw
somehow I sense this is more like a load balancer's job. I sense they try to do load balancer's job, which has the idea "distributed session" for years around. Again, this is more of IBM style, one piece does all, tightly tied together, not loosely coupled(or real distributed, in my loose and auguable term). 4. Two more technical points lead me not to like this idea:
and
When I looked deep down, there is one question about session expiration. Say I want to have session expired after 30 minute idle time. Then after each user's click, do you need to update db to time next 30 minutes? If so, this will lead to frequent updates to db. If we have to manually handle this, add/update/delete, it would be very tricky and tedious. Furthermore, a frontend session issue is tied to the backend database, doesn't sound right to me. Secondly, what if I need to use a particular db rather than the ones that IBM supports? I personally think this is an overkill/step on someone else's toes. If I am small, powerless developer, I just want an app server up and running, quick and simple, maybe a bunch of properties setting, but that's it. Everything else, like db, session, should be add-ons, not restrictions that prevent me from starting the server. This is the fundamental difference that I have with IBM folks. This idea is not new, it's pretty much like the API designers - API designers could provide a set of functionalities, they should do their best to decouple the unrelated functionalities, rather than put everything together, like a spaghetti. One of the fundamental rules in computer science is encapsulation, or isolation, to isolate unrelated functionalities.
Hmm, I am not sure about the new fashion thing(I admit sometimes, I am igorant, or old fashioned,  ). I've been using LDAP for several years, I don't sense it has more advantage, I sense it's just another way. Care to expand this? Any new trend?
Hehe, thanks, like I said, hate=avoid it, not let the project fail. *sigh*, that's why I am so busy everyday to troubleshoot not only production problems, but also developer problems, software/hardware center problems, etc. I need to convince the managers to add $50 memory to each machine to save thousands on labor, I need to convince managers to give more time on development because the startup time for WAS is much longer than jb ...... WAS is not working in a way that developers expect, but jb/weblogic do. What developers expect is simple, quick, plug and play. My 2 cents. Comments/insights are welcome. | |
| 17.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ftang Posted on: 2003-08-23 09:18 Since I have been working on the street for 7-8 yrs, in my field, most finance company stick w/ IBM, and so as I, I totally can understand ur feeling about IBM, because I have same feeling as u. but still we have basic difference: you think session is app server's job, and I don't think so. I have my reason, again, I hope you ar right, app server should handle the session management piece, but I havn't been seeing this session-failed-projects so many times, and I don't believe this saga anymore... IBM called its session -- "distributed session" -- basically used to fail httpsession over in the cluster enviroment...IBM don't support httpsession in 3.5 and 4.0 ( which kind of idiot design is this?) and the way they did is either "replicate memory" or "database persistence", and in the "database persistence" way they do persistent the session to the database, but, but not that offen, like u said, session maxintervaltime they ususally let the memory handle, because I don't know the "professional" way IBMers did, so I sniffer the tcp/ip packets, and find the traffice is pretty busy, so I can't tell u the way how ibm idiots doing over there( I tried to call the ibm support about that, they ar just act like stupid as their developers) sorry about this, once I know, I will let you know... I don't agree you another reason is from sun's J2EE api, if you trace the j2ee api from 1.2, 1.3 to 1.4 beta, you will find in javax.servlet.http package, the objects about httpsession is not decrease but increase, they get rid of the httpsessioncontext(1.3) object but add HttpSessionBindingListener(1.3) object and HttpSessionAttributeListener object, and also HttpSessionEvent, this let me feel even sun don't feel comfortable with their httpsession design, and in this case how could ask the app server --ibm or weblogic or jboss to offer application developer a perfect model? sorry about my attitude, sometimes I am too aggressive, but nothing personal, from ur words, I know you ar team leader/developer manager, same as me, I can totally understand everyday's ur troubles, because I am dealing with them everyday too, production problems(bug, change requirement), developing dead-line(stress from the CTO) and convince the operation team to follow the learn curve of WAS v5 and cross-training my team update-to-date technology, and that's why sometimes I don't have lot of time to explain lot of things( tons of documents havn't be done yet!!!) so maybe let you misunderstand me, the better way is if you ar around NY or you have time come to NY, we can come out to have a dinner and talk about the technology like friends... | |
| 18.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: floater Posted on: 2003-08-27 01:13 Hehe, what can we do with those IBM s*ckers, .It's OK we diff, otherwise if the world was all the same, it would be pretty boring.  .httpsessioncontext is out due to security reason, 3 listeners were added, I think, is because we want to further seperate session management from apps by observer pattern, not tie them together(subscribe/publish). None taken, I am not a manager, can't stand those politics craps,  . I am in downtown on water street(near wall/water), maybe we could hang out for lunch some time later. I am taking vacation this week. Have fun. | |
| 19.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ftang Posted on: 2003-08-27 11:56 Damn! I have feel u from the Street! u sounds like new yorker! I used to work in Goldman Sachs on Water, maybe we used to work in one building! I am Battery pl near the broadway, send me email shenr@wsaccess.com I buy u lunch even there is no any good chinese food around that area! damn, long time havn't met a geek like u... | |
| 20.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: floater Posted on: 2003-08-28 13:35 Hehe... I am working in one of the Chase building. I walk by your building everyday from ferry. I'll talk with you next week some time after I come back from vacation, sowe could hang out for a lunch. | |
| 21.Re:如何解决TOMCAT无故使session失效? [Re: floater] | Copy to clipboard |
|
Posted by: wuliang Posted on: 2003-08-28 15:00 你们两个N人,巨多E文,我是看不下去了~~ 反正是解决了一个bug,可能会产生另一个bug,这两天试过一个jwma的open source,既然会出现随机错误 http://sourceforge.net/forum/forum.php?thread_id=891960&forum_id=46984 倒数第二个回复,在server.xml加上这句,也许也适合你这个情况 <Manager className="org.apache.catalina.session.PersistentManager" debug="0" saveOnRestart="false"> <Store className="org.apache.catalina.session.FileStore"/> </Manager> | |
| 22.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: edgeloner Posted on: 2003-08-28 20:56 这是不是把session保存在硬盘上,速度损失大不大? | |
| 23.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ftang Posted on: 2003-08-29 03:44 实际上,这要看你有多少用户了,如果用户多的话,不要说硬盘,MEMORY就先受不了,另外,如果用户多的话,建议将JVM设的大一点,以防止内存溢出的问题, 实际上, 在HTTPSESSION FAILOVER中,肯定数据是要落地的,无论是以BINARY的形式写到文件或到数据库,关键是看这样的读写有多频繁,FLOATER给我的启示是,尽量依靠APP SERVER来HANDLE SESSION,减少不必要的读写, 这样的趋势是对的,因为APP SERVER的技术越来越成熟,如果现在你的SESSION太多依靠自己的话,将来REFACTOR起来比较吃力,当然这是看你需求了,对 我的项目来说,SESSION的重要性超过一切,在这种情况下,我考虑riliablity超过performance, 这是一种TRADE OFF | |
| 24.Re:如何解决TOMCAT无故使session失效? [Re: ftang] | Copy to clipboard |
|
Posted by: wuliang Posted on: 2003-08-29 09:06 saveOnRestart="false"> 关键是这句,tomcat重启会恢复Persistented的session,这里设为"false"告诉tomcat不要尝试恢复, 好像恢复的session会导致意外的失常,我不是很理解的,只是照做而已 | |
| 25.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: floater Posted on: 2003-08-29 11:35 Have you ever used ip address rather than serverdomain name in the code? http://w6.metronet.com/~wjm/tomcat/2000/Jul/msg00379.html If cookies are not supported, you should tried encoding your URLs with the encodeURL() method of the HttpServletResponse interface Anything else that we could think of? | |
| 26.Re:如何解决TOMCAT无故使session失效? [Re: ftang] | Copy to clipboard |
|
Posted by: edgeloner Posted on: 2003-08-29 22:58 ftang wrote: 的确稳定最重要,速度客户可以忍受,但是不稳定和出错那是无法接受的 | |
| 27.Re:如何解决TOMCAT无故使session失效? [Re: edgeloner] | Copy to clipboard |
|
Posted by: ftang Posted on: 2003-08-29 23:17 我觉得我们不应该就让这个帖子流失掉,讨论到最后,我们应该有点什么东西留下来,应该说有一个人来总结一下,然后,依靠这个总结,我们写出一个蓝图,这样大家将来在碰到这问题的时候,都有一定的模板去做,我看看,下个星期,我写一个sequence diagram,大家在讨论讨论,我建议到最后我们有一个完整的解决方案,不一定要有源码,有一些uml的diagram就好了,你们看如何 | |
| 28.Re:如何解决TOMCAT无故使session失效? [Re: ftang] | Copy to clipboard |
|
Posted by: dapan Posted on: 2003-09-01 09:53 ftang wrote: 期待ing ^_^ | |
 |
Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1 客服电话 18559299278 客服信箱 714923@qq.com 客服QQ 714923 |