Configuring session manager of Tomcat
DoS (Denial of Service) is one of the most common attack methods: the attacker issues a large number of requests and exhausts the free memory of the application server. The server eventually crashes with an out-of-memory error. In Geronimo, you can swap inactive sessions to a file or simply discard them. You can keep a certain number of sessions in main memory, configurable via the System configuration as follows.
The Manager element represents the session manager that is used to create and maintain HTTP sessions in Tomcat. Geronimo supports both implementations of Manager by providing a ManagerGBean for:
org.apache.catalina.session.StandardManager
org.apache.catalina.session.PersistentManager
Refer to the Tomcat documentation for more information about those two implementations and their relevant attributes.
You can customize the session management behavior per web app context in your deployment plan as follows:
...
<manager>TomcatManager</manager>
<gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
    <attribute name="className">org.apache.catalina.session.StandardManager</attribute>
    <attribute name="initParams">
        maxActiveSessions=10
    </attribute>
</gbean>
...
...
<manager>TomcatManager</manager>
<gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
    <attribute name="className">org.apache.catalina.session.PersistentManager</attribute>
    <attribute name="initParams">
        maxActiveSessions=10
        maxIdleBackup=10
        maxIdleSwap=11
        minIdleSwap=5
        store.className=org.apache.catalina.session.FileStore
        store.checkInterval=10
        store.directory=d:/testFolder/session
    </attribute>
</gbean>
...
Note that for PersistentManager, you can use different strategies for the session store by setting store.className to org.apache.catalina.session.FileStore for a file-based store or org.apache.catalina.session.JDBCStore for a JDBC-based store. Refer to Persistence Manager implementations for all the attributes you can configure for each store strategy.
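The following audit script is an added example, not part of the Geronimo documentation or code base. It checks a deployment plan for the two settings that decide whether the session limit described above is actually enforced. The names plan, local and audit_manager are hypothetical, the sample plans are constructed, and the checks assume Tomcat's documented behavior: an unset or negative maxActiveSessions means no limit, and minIdleSwap should be less than maxIdleSwap.

```python
import xml.etree.ElementTree as ET

PERSISTENT = "org.apache.catalina.session.PersistentManager"

def plan(class_name, init_params):
    """Build a constructed plan fragment (sample input, not a full Geronimo plan)."""
    return f"""<web-app>
  <manager>TomcatManager</manager>
  <gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
    <attribute name="className">{class_name}</attribute>
    <attribute name="initParams">{init_params}</attribute>
  </gbean>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced plans match too."""
    return tag.rsplit("}", 1)[-1]

def audit_manager(plan_xml):
    """Return findings for each ManagerGBean found in a deployment plan."""
    findings = []
    for gbean in ET.fromstring(plan_xml).iter():
        if local(gbean.tag) != "gbean" or not gbean.get("class", "").endswith(".ManagerGBean"):
            continue
        attrs = {a.get("name"): (a.text or "").strip()
                 for a in gbean if local(a.tag) == "attribute"}
        # initParams is a whitespace-separated list of key=value pairs.
        params = dict(p.split("=", 1) for p in attrs.get("initParams", "").split() if "=" in p)
        name = gbean.get("name")
        # Assumption (Tomcat's documented default): unset or negative means no limit.
        if int(params.get("maxActiveSessions", -1)) < 0:
            findings.append(f"{name}: maxActiveSessions is unset, sessions in memory are unbounded")
        if attrs.get("className") == PERSISTENT:
            lo, hi = int(params.get("minIdleSwap", -1)), int(params.get("maxIdleSwap", -1))
            # Assumption (Tomcat docs): minIdleSwap should be less than maxIdleSwap.
            if lo >= 0 and hi >= 0 and lo >= hi:
                findings.append(f"{name}: minIdleSwap={lo} is not below maxIdleSwap={hi}")
    return findings

if __name__ == "__main__":
    page_cfg = ("maxActiveSessions=10 maxIdleBackup=10 maxIdleSwap=11 minIdleSwap=5 "
                "store.className=org.apache.catalina.session.FileStore")
    for xml in (plan(PERSISTENT, page_cfg),
                plan("org.apache.catalina.session.StandardManager", ""),
                plan(PERSISTENT, "maxActiveSessions=10 minIdleSwap=30 maxIdleSwap=11")):
        print(audit_manager(xml) or "ok")
```

The PersistentManager settings shown on this page pass both checks; a ManagerGBean with no maxActiveSessions in initParams is reported as unbounded.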
Copyright © 2003-2011, The Apache Software Foundation, Licensed under ASL 2.0.