Shulou(Shulou.com)06/02 Report--

Xiaobian shares with you how Tomcat monitors and deletes timeout sessions. I hope you will gain something after reading this article. Let's discuss it together!

preface

Accidentally discovering a Tomcat session time of half an hour does not mean that the session has only half an hour of valid usage time after creation, but that the session is deleted after half an hour of idle time. Just flip through the source code. I did a little cleaning.

Note: Idle time refers to the interval between two requests for the same session.

Session correlation class graph

HttpSession is a Session that everyone can use directly at Servlet level.

Session is an interface used internally by Tomcat and can make some internal calls.

StandardSession is a standard HttpSession implementation, and it also implements the Session interface for Tomcat internal management.

StandardSessionFacade, the class name has indicated that it is a "facade class", which internally references a StandardSession object, but externally only provides HttpSession specified methods.

Manager Related Class Diagram

StandardManager and PersontManager are both implementations of Manager, but they differ in the way they store Session objects.

StandarManager

1. When Tomcat is running, the Session is stored in memory

2. When Tomcat is shut down (note that it is a normal shutdown operation, not a sudden crash), the Session will be written to disk, and the Session will be loaded after Tomcat restarts.

PersistentManager

1. Always store sessions on disk.

Relationship between Manager and Context

In Tomcat, a Context is an application (Webapp) deployed to Tomcat. Each Context has a separate Manager object to manage session information for that application.

How Manager stores sessions

The Manager object uses a Map to store the Session object

Key => SessionId

Value => Session Object

/** * The set of currently active Sessions for this Manager, keyed by * session identifier. */ protected Map sessions = new ConcurrentHashMap();

When a request arrives in Context, if it carries a Cookie from JSESSIONID, Manager can use it to find the associated Session object and place it in the Request object.

Periodic inspection of Manager

The Manager interface has a backgroundProcess() method, which as the name suggests is background processing.

/** * This method will be invoked by the context/container on a periodic * basis and allows the manager to implement * a method that executes periodic tasks, such as expiring sessions etc. */ public void backgroundProcess();

Note: The Container interface also has this method, which usually starts an extra thread to execute the backgroundProcess method when the container starts. After this method of Context is started, the Loader and Manager backgroundProcess methods will be executed.

Let's see what this method does.

/** * {@inheritDoc} *

* Direct call to {@link #processExpires()} */@Overridepublic void backgroundProcess() { count = (count + 1) % processExpiresFrequency; if (count == 0) //Start checking processExpires() if check frequency is reached;}/** * Invalidate all sessions that have expired. */public void processExpires() { long timeNow = System.currentTimeMillis(); Session sessions[] = findSessions(); //Get all session objects int expireHere = 0 ; //Number of expired sessions, don't be fooled by this variable name if (log.isDebugEnabled()) log.debug("Start expire sessions " + getName() + " at " + timeNow + " sessioncount " + sessions.length); for (int i = 0; i

< sessions.length; i++) { if (sessions[i]!=null && !sessions[i].isValid()) { expireHere++; } } long timeEnd = System.currentTimeMillis(); if(log.isDebugEnabled()) //打印记录 log.debug("End expire sessions " + getName() + " processingTime " + (timeEnd - timeNow) + " expired sessions: " + expireHere); processingTime += ( timeEnd - timeNow );} 很多人看到这里，可能会有跟我一样的疑惑，即这里面根本就没有使Session过期失效的操作，好像只做了状态检查。不过后来看到了Session的isValid方法的实现就都明白了。 /** * Return the isValid flag for this session. */@Overridepublic boolean isValid() { if (!this.isValid) { return false; } if (this.expiring) { return true; } if (ACTIVITY_CHECK && accessCount.get() >

0){ return true; } //where the key is//if the maximum idle time is set//determine the idle time of this Session//if the timeout has expired, execute the expire operation if (maxInactiveInterval > 0) { int timeIdle = (int) (getIdleTimeInternal() / 1000L); if (timeIdle >= maxInactiveInterval) { expire(true); } } return this.isValid;} After reading this article, I believe you have a certain understanding of "How Tomcat monitors and deletes timeout sessions". If you want to know more about it, please pay attention to the industry information channel. Thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.