HomeDocumentation > Configuring and administering > Configuring and administering the Apache Geronimo Server > Configuring the Web Container > Configuring session manager of Tomcat

DoS(Denial of Services) is one of the most common attacking method, which issues lots of request and exhaust free memory of the application server. The server will crash down due to out of memory problem eventually.In Geronimo, you can swap inactive sessions to a file or just forget them. You can keep a certain number of sessions in main memory configurable via System configuration as followed.

Configuring session manager

The Manager element represents the session manager that is used to create and maintain HTTP sessions in Tomcat. Geronimo supports both implementations of Manager by providing a ManagerGBean for:

  • org.apache.catalina.session.StandardManager
  • org.apache.catalina.session.PersistentManager

Refer to Tomcat document for more information about those two implementations and relevant attributes.

You can customize the session management behavior per web app context in your deployment plan as followed:

Usage of StandardManger in geornimo-web.xml
...
<manager>TomcatManager</manager>
<gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
<attribute name="className">org.apache.catalina.session.StandardManager</attribute>
<attribute name="initParams">maxActiveSessions=10
</attribute>
</gbean>
...
Usage of PersistentManger in geornimo-web.xml
...
<manager>TomcatManager</manager>
<gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
<attribute name="className">org.apache.catalina.session.PersistentManager</attribute>
<attribute name="initParams">maxActiveSessions=10
                             maxIdleBackup=10
                             maxIdleSwap=11
                             minIdleSwap=5
                             store.className=org.apache.catalina.session.FileStore
                             store.checkInterval=10
                             store.directory=d:/testFolder/session
</attribute>
</gbean>
...

Note that for PersistentManager, you can use different strategies for session store by specifying store.className to org.apache.catalina.session.FileStore for file based store or org.apache.catalina.session.JDBCStore for JDBC based store. Refer to Persistence Manager implementations for all the attributes you can configure for each store strategy.