{"id":378,"date":"2006-10-13T11:51:01","date_gmt":"2006-10-13T17:51:01","guid":{"rendered":"http:\/\/www.mooreds.com\/wordpress\/?p=378"},"modified":"2006-10-13T11:53:55","modified_gmt":"2006-10-13T17:53:55","slug":"378","status":"publish","type":"post","link":"https:\/\/www.mooreds.com\/wordpress\/archives\/378","title":{"rendered":"Destroying robot generated Tomcat sessions"},"content":{"rendered":"<p>A large effort goes into creating sites that are crawlable by robots, such as Google, Yahoo! and other search engines.  However, these programs can create a large number of sessions, if the site is based on servlet technology.  Per the <a href=\"http:\/\/java.sun.com\/products\/servlet\/download.html\">servlet spec<\/a> (the 2.3 specification, page 50), if a client never joins a session, new sessions will be created for each request.<\/p>\n<blockquote><p>A session is considered new when it is only a prospective session and has not been established. Because HTTP is a request-response based protocol, an HTTP session is considered to be new until a client joins it. A client joins a session when session tracking information has been returned to the server indicating that a session has been established. Until the client joins a session, it cannot be assumed that the next request from the client will be recognized as part of a session.The session is considered to be new if either of the following is true:<\/p>\n<ul>\n<li>The client does not yet know about the session<\/li>\n<li>The client chooses not to join a session.<\/li>\n<\/ul>\n<p>These conditions define the situation where the servlet container has no mechanism by which to associate a request with a previous request.<\/p><\/blockquote>\n<p>Since all these extra sessions take up memory, and are long lived, a client asked me to look into a way to invalidate them.  (<a href=\"http:\/\/marc.theaimsgroup.com\/?l=tomcat-user&#038;m=104333430705945&#038;w=2\">I&#8217;m not the first person to run into this problem<\/a>.)  The easiest way to do that was to build a filter that examined the <code>User-Agent<\/code> HTTP header; here&#8217;s a nice <a href=\"http:\/\/www.pgts.com.au\/pgtsj\/pgtsj0208d.html\">list of <code>User-Agent<\/code> values<\/a>.  If the client was any of the robots, we could safely invalidate the session.  For some reason, in with Tomcat 4.1, I needed to run <code>session.isNew();<\/code> before running <code>session.invalidate();<\/code>, otherwise the session wasn&#8217;t destroyed. The filter was placed at the end of the request chain, as outlined in <a href=\"http:\/\/www.informit.com\/guides\/content.asp?g=java&#038;seqNum=122&#038;rl=1\">this article<\/a>, by calling <code>chain.doFilter(request, response);<\/code> before the invalidation filter looked at the request or response.<\/p>\n<p>I haven&#8217;t seen any performance problems with creating a session and then throwing it away, probably because <a href=\"http:\/\/java.sun.com\/docs\/hotspot\/gc1.4.2\/faq.html\">java is so good at garbage collecting short  lived objects<\/a>.  If I did, conditionally <a href=\"http:\/\/www.roseindia.net\/jsp\/disablingsession.shtml\">disabling session participation in a JSP<\/a> might be an option to pursue.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A large effort goes into creating sites that are crawlable by robots, such as Google, Yahoo! and other search engines. However, these programs can create a large number of sessions, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,14],"tags":[],"class_list":["post-378","post","type-post","status-publish","format-standard","hentry","category-java","category-tomcat"],"_links":{"self":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts\/378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/comments?post=378"}],"version-history":[{"count":0,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts\/378\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/media?parent=378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/categories?post=378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/tags?post=378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}