|Home > Documentation > Configuring and administering > Configuring and administering the Apache Geronimo Server > Configuring the Web Container > Configuring session manager of Tomcat|
DoS(Denial of Services) is one of the most common attacking method, which issues lots of requests and exhausts free memory of the application server. The server will crash down because of out of memory problem eventually. In Geronimo, you can swap inactive sessions to a file or just forget them. You can keep a certain number of sessions in main memory configurable via System configuration as follows.
The Manager element represents the session manager that is used to create and maintain HTTP sessions in Tomcat. Geronimo supports both implementations of Manager by providing a ManagerGBean for:
See Tomcat document for more information about those two implementations and relevant attributes.
You can customize the session management behaviour per web application context in your deployment plan as follows:
Note that for PersistentManager, you can use different strategies for session store by specifying store.className to org.apache.catalina.session.FileStore for file based store or org.apache.catalina.session.JDBCStore for JDBC based store. See Persistence Manager implementations for all the attributes you can configure for each store strategy.