You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 34 Next »

DoS(Denial of Services) is one of the most common attacking method, which issues lots of requests and exhausts free memory of the application server. The server will crash down because of out of memory problem eventually. In Geronimo, you can swap inactive sessions to a file or just forget them. You can keep a certain number of sessions in main memory configurable via System configuration as follows.

Configuring session manager

The Manager element represents the session manager that is used to create and maintain HTTP sessions in Tomcat. Geronimo supports both implementations of Manager by providing a ManagerGBean for:

  • org.apache.catalina.session.StandardManager
  • org.apache.catalina.session.PersistentManager

See Tomcat document for more information about those two implementations and relevant attributes.

You can customize the session management behaviour per web application context in your deployment plan as follows:

Usage of StandardManger in geornimo-web.xml
...
<manager>TomcatManager</manager>
<gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
<attribute name="className">org.apache.catalina.session.StandardManager</attribute>
<attribute name="initParams">maxActiveSessions=10
</attribute>
</gbean>
...
Usage of PersistentManger in geornimo-web.xml
...
<manager>TomcatManager</manager>
<gbean name="TomcatManager" class="org.apache.geronimo.tomcat.ManagerGBean">
<attribute name="className">org.apache.catalina.session.PersistentManager</attribute>
<attribute name="initParams">maxActiveSessions=10
                             maxIdleBackup=10
                             maxIdleSwap=11
                             minIdleSwap=5
                             store.className=org.apache.catalina.session.FileStore
                             store.checkInterval=10
                             store.directory=d:/testFolder/session
</attribute>
</gbean>
...

Note that for PersistentManager, you can use different strategies for session store by specifying store.className to org.apache.catalina.session.FileStore for file based store or org.apache.catalina.session.JDBCStore for JDBC based store. See Persistence Manager implementations for all the attributes you can configure for each store strategy.

  • No labels