Bug 48345 - Session does time-out shorter than setting in web.xml when PersistentManager is used.
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina
Version: 6.0.20
Hardware: All All
Importance: P2 normal
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Reported: 2009-12-07 02:09 UTC by Keiichi Fujino
Modified: 2010-03-06 17:49 UTC

patch for trunk. (1.45 KB, application/octet-stream)
2009-12-07 02:12 UTC, Keiichi Fujino

Description Keiichi Fujino 2009-12-07 02:09:14 UTC
I am encountering a problem where the Session times out sooner than the setting in web.xml.

This is a simple scenario where the problem occurs. 

I am using PersistentManager by the following configuration.
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>

I am setting the session-timeout at five minutes.

1. Create Session.
2. 120 seconds pass. 
   Session does swapOut. 
3. In addition, 120 seconds pass. 
   Get Session.
   Session does swapIn and access time of session in the memory is updated. 
4. In addition, 90 seconds pass.
   Get Session.

Because the access time of the session has been updated in (3),
the session should be able to be acquired.
However, the session cannot be acquired.

The cause is StoreBase#processExpires being invoked between (3) and (4).
StoreBase#processExpires deletes the session saved in Store.
StoreBase#processExpires is as follows.

public void processExpires() {
    // ...
    for (int i = 0; i < keys.length; i++) {
        try {
            StandardSession session = (StandardSession) load(keys[i]);
            if (session == null) {
                continue;
            }
            // isValid() expires a timed-out session as a side effect
            if (session.isValid()) {
                continue;
            }
            if (((PersistentManagerBase) manager).isLoaded(keys[i])) {
                // recycle old backup session
            } else {
                // expire swapped out session
            }
        } catch (Exception e) {
            // ...
        }
    }
}

The session saved in Store is loaded, and StandardSession#isValid() is executed.
StandardSession#expire(true) is invoked in "StandardSession#isValid()" for a session
that has passed the session time-out.

StandardSession#expire(true) invokes Manager#remove(Session).
As a result, the session is deleted from the session map.

In a word, the session in memory is deleted by invalidating the old session in Store.
As a result, the session times out sooner than the setting in web.xml.

I made a patch against trunk.

Best regards.
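
The timeline in the description above, replayed as an added example that is not part of the original report, not Tomcat source and not the attached patch. It is a simplified model showing how validating a stale stored copy removes the live in-memory session, next to a side-effect-free idle-time check for comparison. All class and method names are hypothetical, and the model assumes the stored copy remains in the Store after swap-in.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model for illustration; names are hypothetical, not Tomcat source.
public class StaleStoreExpiry {
    static final int MAX_INACTIVE = 300;                      // five-minute session-timeout, in seconds
    static final Map<String, Sess> memory = new HashMap<>();  // manager's in-memory session map
    static final Map<String, Sess> store = new HashMap<>();   // copies persisted by swapOut

    static class Sess {
        final String id; long lastAccess; boolean valid = true;
        Sess(String id, long lastAccess) { this.id = id; this.lastAccess = lastAccess; }
        // Mirrors the reported behaviour: a timed-out session expires itself, and
        // expiry removes its id from the manager's map, whichever copy was checked.
        boolean isValid(long now) {
            if (valid && now - lastAccess >= MAX_INACTIVE) { valid = false; memory.remove(id); }
            return valid;
        }
    }

    static void swapOut(String id) { store.put(id, memory.remove(id)); }
    // Assumption: the stored copy stays in the store, with its old access time, after swap-in.
    static void swapIn(String id, long now) { memory.put(id, new Sess(id, now)); }

    // Store sweep: guarded=false calls isValid() on the stored copy; guarded=true only compares idle time.
    static void processExpires(long now, boolean guarded) {
        for (String id : store.keySet().toArray(new String[0])) {
            Sess stale = store.get(id);
            boolean expired = guarded
                ? now - stale.lastAccess >= MAX_INACTIVE   // no side effect on memory
                : !stale.isValid(now);                     // side effect: memory.remove(id)
            if (expired) store.remove(id);
        }
    }

    // Replays steps (1)-(4); returns whether the session is still obtainable at step (4).
    static boolean scenario(boolean guarded) {
        memory.clear(); store.clear();
        memory.put("S1", new Sess("S1", 0));  // (1) t=0: create
        swapOut("S1");                         // (2) t=120: swapped out, last access still 0
        swapIn("S1", 240);                     // (3) t=240: swapped in, access time updated
        processExpires(300, guarded);          // sweep between (3) and (4)
        return memory.containsKey("S1");       // (4) t=330: only 90 s idle in memory
    }

    public static void main(String[] args) {
        System.out.println("isValid() sweep, session kept: " + scenario(false));
        System.out.println("idle-time sweep, session kept: " + scenario(true));
    }
}
```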
Comment 1 Keiichi Fujino 2009-12-07 02:12:06 UTC
Created attachment 24674
patch for trunk.

patch for trunk.

The following are necessary for backport to 6.0_trunk.

Applies these revisions.

remove duplicated local variable timeNow.
Comment 2 Mark Thomas 2009-12-30 03:36:58 UTC
Thanks for the patch. I have committed it to trunk and proposed a variation for 6.0.x
Comment 3 Konstantin Kolinko 2010-03-06 17:49:24 UTC
The fix for this issue was applied to 6.0 and is in 6.0.23 onwards.