top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Disable the session in tomcat

0 votes
405 views

What is the procedure to disable entirely the session (JSESSIONID) within tomcat 7 ?

posted Jul 17, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

Write a HttpSessionListener and unconditionally throw an exception from the sessionCreated() method and kill the session. Like this:

public class IronFistedHttpSessionListener
 implements HttpSessionListener
{
 @Override
 public void sessionCreated(HttpSessionEvent se)
 {
 se.getSession().invalidate();
 throw new IllegalStateException("Session use is not permitted.");
 }

 @Override
 public void sessionDestroyed(HttpSessionEvent se)
 {
 // Do nothing
 }
}

Note that this may cause parts of your code to start to fail. Now, it will be your job to fix the parts of your code that are triggering sessions to be created.

For example, if you don't explicitly state session="false" in all of your JSPs, a session will be created by default. So, you'll need to edit all the JSPs you have that don't state session="false" so they won't create sessions.

You may have other places in your code where sessions are created due to careless code. Fix those and your HttpSessionListener should never be invoked.

answer Jul 17, 2013 by anonymous
Similar Questions
+2 votes
How-to disable SSL V3 on Tomcat 6.0.18.0

Does anyone knows how-to disable SSL v3 in older tomcat version, I have tried to variety solution including sslProtocols or sslEnabledProtocols but it both did not work well, the Firefox I am using to test is only select TLS 1 and result is that I were not able to access the site.

Below is the server information:

Server version: Apache Tomcat/6.0.18
Server built: Jul 22 2008 02:00:36
Server number: 6.0.18.0
OS Name: Windows 2003
OS Version: 5.2
Architecture: x86
JVM Version: 1.6.0-b105
JVM Vendor: Sun Microsystems Inc

+1 vote
How to create custom session and cookie in Tomcat 7/8 ?

I'm trying to figure out how I can create custom session cookies. I've found the Manager interface for creating the sessions, but there's nothing about the actual session cookie. I don't see anything in the Valve interface that will let me do this either. Is this possible in Tomcat 7 (or 8?).

0 votes
Why do sticky sessions matter when session replication turned on in Tomcat

Setup:
- Two physical servers each running Tomcat 7.0.42
- Brocade load balancer in front

The load balancer is set to source IP persistence for 5 minutes. This time can be changed of course.

The thing I don't understand is 5 minutes or 5 hours - at then end that time limit the user can be sent to the other server and lose data stored in the session.

So why do sticky sessions matter when session replication turned on in Tomcat? Is a performance issue?

+3 votes
Tomcat Clustering with Session Persistence

We have currently started using tomcat 7.0 in our development environment. Following are the configuration Details :

Tomcat Version : 7.0.55
Java Version :1.7.0.67

We have a requirement to implement clustering for one of our applications . The same application's active but idle sessions need to be persisted to a JDBC store . We have a small cluster of just two nodes so as recommended we need to use DeltaManager but for session persistence we need to use PersistentManager . PersistentManager is not recommended for clustering as the session data is not swapped out in real time.As far as I understand , we can only use one of the manager configurations .

Can you please let me know if it is possible to achieve session persistence along with clustering , If yes how can we achieve the same ?

0 votes
Enable session persistence between two tomcat nodes behind load balancer

I have been searching for an answer to how to set this up. I find a lot of posts on session persistence but none seem to describe how to set it up. Is there a simple explanation out there that tells me how I go about setting up session persistence (with Apache, I would just set up memcached on the db server and configure the memcache module on each Apache instance to point to the memcached and it works). I don't need opcode persistence. I just want the tomcats to either a) direct all session traffic to a single node or b) make the two tomcats aware of all sessions. Can someone point me in the right direction? I am not a java coder, but if code changes need to be made, I can work through it.

...