Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
  • Blama
    replied
    Hi claudiobosticco,

    the only workarounds I can imagine are non-Smartclient. How about two application servers and a load balancer that filters out all RESTHandler requests and sends them to a second application server. There you then can set <session-timeout>1</session-timeout>. This way if sessions are discarded (I don't think that happens) it will only affect sessions you don't need anyway. And if they are serialized to disc, it will affect much less sessions because of the low timeout.

    Best regards
    Blama

    Leave a comment:

  • claudiobosticco
    replied
    Originally posted by Blama View Post
    This in turn results in the fact that all our API requests, which use DSRequests via RESTHandler also create a session.
    Hi Blama yes, this is a problem for us also, as we use RESTHandler for an application open to the public with high traffic load.
    Any chance that you found a workaround that you may share?

    Leave a comment:

  • claudiobosticco
    replied
    Hello Isomorphic no chance that this could be ported to 12.1 ?

    Leave a comment:

  • Blama
    replied
    Hi Isomorphic,

    that's great news. I'll test it eventually (when switching to 13.0p).

    Best regards
    Blama

    Leave a comment:

  • Isomorphic
    replied
    We actually did this work back in May 2020, shortly after your original post, but it somehow slipped through the cracks and we didn't post on here about it. Sorry about that. The commit was only made on the main development branch, so it will not be present in versions 12.1 and earlier. So could you try your application with version 13.0 and confirm that the issue with unwanted sessions is resolved?

    Thanks,
    Isomorphic Software Support

    Leave a comment:

  • Blama
    replied
    Hi Isomorphic,

    can you have a look at this?

    Best regards
    Blama

    Leave a comment:

  • Blama
    replied
    Hi Isomorphic,

    did you have a chance to look at this?

    Best regards
    Blama

    Leave a comment:

  • Blama
    started a topic 12.0p: Issue with unexpectedly created sessions

    12.0p: Issue with unexpectedly created sessions

    Hi Isomorphic,

    our application works in serveral modes:
    1. Normal Login
    2. Cron Job or Quartz triggered jobs
    3. API access
    We only use sessions for normal (and successful) user-logins, as creating too many sessions is a very easy way to DOS yourself.

    The other more automated types of accessing the system are request scoped and perhaps store information the ServletRequest, but not in a session.
    Additionally EAI tools typically don't support sessions anyway, as this contradicts the REST-statelessness.

    It seems though that you unintentionally create sessions as well for every DSRequest. This in turn results in the fact that all our API requests, which use DSRequests via RESTHandler also create a session.

    Please have a look at DSRequest.trackTimings():
    Click image for larger version Name: TrackTimings.PNG Views: 197 Size: 201.9 KB ID: 262381

    Here it is clearly wrong.

    This also affects other parts of the framework:
    These are the framework methods that call getSession() (without am explicit false-parameter. This also applies to getSession(true) calls):
    Click image for larger version Name: Calls of getSession.png Views: 142 Size: 58.2 KB ID: 262382

    Here you should be using HttpServletRequest.getSession(false) everywhere IMHO.

    Can you have a look please and fix this if you agree.

    Thank you & Best regards
    Blama
    Tags: None
Previous template Next
Working...
X