InfoCenter Home >
4: Developing applications >
4.4: Personalizing applications >
4.4.1: Tracking sessions >
4.4.1.1: Session programming model and environment >
4.4.1.1.7: Tuning session support >
4.4.1.1.7.5: Tuning session support: Base in-memory session pool size

4.4.1.1.7.5: Tuning session support: Base in-memory session pool size

The base in-memory session pool size number has different meanings, depending on session support configuration:

  • When sessions are being stored in memory, session access is optimized for up to this number of sessions.
  • When sessions are being stored in a database, it also specifies the cache size and the number of last access time updates that are saved in manual update mode.

For persistent sessions, when the session cache has reached its maximum size and a new session is requested, Session Manager removes the least recently used session from the cache to make room for the new one.

General memory requirements for the hardware system, and the usage characteristics of the e-business site, will determine the optimum value.

Note that increasing the base in-memory session pools size can necessitate increasing the heap sizes of the Java processes for the corresponding WebSphere application servers.

Overflow in non-persistent sessions

By default, the number of sessions maintained in memory is specified by Base in-memory session pool size. If you do not wish to place a limit on the number of sessions maintained in memory and allow overflow, set overflow to true.

Allowing an unlimited amount of sessions can potentially exhaust system memory and even allow for system sabotage. Someone could write a malicious program that continually hits your site and creates sessions, but ignores any cookies or encoded URLs and never utilizes the same session from one HTTP request to the next.

When overflow is disallowed, the Session Manager still returns a session with the HttpServletRequest's getSession(true) method if the memory limit has currently been reached, but it would be an invalid session that is not saved in any fashion.

With the WebSphere extension to HttpSession, com.ibm.websphere.servlet.session.IBMSession, an isOverflow() method returns true if the session is such an invalid session. An application could check this and react accordingly.

Go to previous article: Tuning session support: Write frequency Go to next article: Tuning session support: Write contents

 

 
Go to previous article: Tuning session support: Write frequency Go to next article: Tuning session support: Write contents