InfoCenter Home > 4.4.1.1.7.5: Tuning session support: Base in-memory session pool sizeThe base in-memory session pool size number has different meanings, depending on session support configuration:
For persistent sessions, when the session cache has reached its maximum size and a new session is requested, Session Manager removes the least recently used session from the cache to make room for the new one. General memory requirements for the hardware system, and the usage characteristics of the e-business site, will determine the optimum value. Note that increasing the base in-memory session pools size can necessitate increasing the heap sizes of the Java processes for the corresponding WebSphere application servers. Overflow in non-persistent sessionsBy default, the number of sessions maintained in memory is specified by Base in-memory session pool size. If you do not wish to place a limit on the number of sessions maintained in memory and allow overflow, set overflow to true. Allowing an unlimited amount of sessions can potentially exhaust system memory and even allow for system sabotage. Someone could write a malicious program that continually hits your site and creates sessions, but ignores any cookies or encoded URLs and never utilizes the same session from one HTTP request to the next. When overflow is disallowed, the Session Manager still returns a session with the HttpServletRequest's getSession(true) method if the memory limit has currently been reached, but it would be an invalid session that is not saved in any fashion. With the WebSphere extension to HttpSession, com.ibm.websphere.servlet.session.IBMSession, an isOverflow() method returns true if the session is such an invalid session. An application could check this and react accordingly. |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|