JBossWeb/Tomcat HTTP Session Implementation Details: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 60: Line 60:
The default timeout when the lock manager is trying to lock is 15,000 ms (15 seconds).
The default timeout when the lock manager is trying to lock is 15,000 ms (15 seconds).


For more details on general concepts related to session replication and ownership, see [[HTTP_Session_Replication#Session_Stickiness_and_Session_Ownership|[HTTP Session Replication - Session Ownership and Stickiness]].
For more details on general concepts related to session replication and ownership, see [[HTTP_Session_Replication#Session_Stickiness_and_Session_Ownership|HTTP Session Replication - Session Ownership and Stickiness]].

Revision as of 19:54, 15 July 2016

Internal

Relevance

  • EAP 6.4.6
  • JBoss AS 5.1.2

Clustered Session Diagram

Lifecycle

Each org.apache.catalina.connector.Request maintains a direct reference to the active Session instance the request belongs to. The reference can be null.

The repository of sessions for a specific application (context) is an instance of org.apache.catalina.Manager. The manager is referred to from the StandardContext via the manager reference.

  • If the application is not clustered, the Manager implementation is an org.apache.catalina.session.StandardManager.
  • If the application is clustered, the Manager implementation is an org.jboss.as.web.session.DistributableSessionManager.

Sessions are not created automatically by the Tomcat machinery, unless we invoke HttpServletRequest.getSession() (which is equivalent with HttpServletRequest.getSession(true)) or org.apache.catalina.connector.Request.getSessionInternal().

When HttpServletRequest.getSession() is invoked, the following happen:

  • The Manager instance is obtained from the StandardContext associated with the request.
  • Manager.findSession(sessionId) is messaged on the Manager instance.
  • The Session is looked up in the sessions map by its session ID. This applies to both non-clustered and clustered sessions.

Session Found

If the session is found, access() method is invoked on it.

If the session is not clustered, it is then simply returned.

If the session is clustered (an org.jboss.as.web.session.ClusteredSession implementation), the node attempt to acquire ownership, by invoking acquireSessionOwnership() method. For more details on session ownership, see Session Ownership and Locking.

Session Not Found

  • If no session is found, and org.apache.catalina.connector.Request.SESSION_ID_CHECK is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
  • If no session is found, the Manager instance is messaged to createSession(sessionId).
  • Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is TomcatCookie.

SessionID Generation

SessionID is generated by ManagerBase.generateSessionId().

Session Counter

Maintained by the sessionCounter variable of the StandardManager instance of the web application.

Session Replication

Session Ownership and Locking

What is session ownership?

The session ownership is acquired by the DistributedCacheManager instance from the lock manager (DistributedLockManager instance). The result of the lock acquisition attempt could be:

  • NEW_LOCK
  • ALREADY_HELD
  • ACQUIRED_FROM_CLUSTER

The default timeout when the lock manager is trying to lock is 15,000 ms (15 seconds).

For more details on general concepts related to session replication and ownership, see HTTP Session Replication - Session Ownership and Stickiness.