I am running a J2EE web application in Tomcat, and recently I have been tasked with adding metrics to the application. I am using a SessionListener to detect when the session is destroyed, and then uploading the metrics to a database. My Session timeout is set in my web.xml to 30 minutes, and I am not invalidating the session anywhere programmatically. Often during 1 5-10 minute period of me logging in for testing, I will see 3 or 4 sets of metrics uploaded to the database, all with different session id's.
Besides web.xml and session.invalidate(), what else can cause a session in Tomcat to be destroyed? Exceptions? Will Tomcat ever randomly invalidate sessions?
Possibly your webbrowser has decided to not sent the session cookie on a request to the webapplication, where your application would have expected one. I have seen this happen with an apache rewrite rule; an URL outside the session-cookie path was redirected to the web-application. There something like the folowing happened (details may be wrong):
You should be able to see if this causes your problem if you log the initial URL for new sessions.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With