What happens when a HttpSession times out in a cluster, wrt HttpSessionListeners ?
Will the HttpSessionListener be notified with a HttpSessionEvent on _each_ node or only on the node that decides to destroy the session ? JSR-154 (Servlet 2.4 spec) [1] says: "SRV.10.7 Distributed Containers In distributed Web containers, HttpSession instances are scoped to the particular JVM servicing session requests, and the ServletContext object is scoped to the Web container’s JVM. Distributed containers are not required to propagate either servlet context events or HttpSession events to other JVMs. Listener class instances are scoped to one per deployment descriptor declaration per Java Virtual Machine." [1] http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html Hence it is not *required* for a Servlet Container implementation to propagate HttpSessionEvents to each cluster node on HttpSession timeout. But what about Tomcat ? ;) (I know, I could test it myself, which is most probably what I'm going to do anyway, but if anyone has/had a similar "issue", any feedback would be highly appreciated) Background: our security framework is keeping computed ACLs in a cache in the ServletContext of each node, and we only replicate the credentials as part of the HttpSessions (to reduce the session replication payload as those ACL lists can be pretty big). But we have to remove those cached ACLs when the HttpSession times out, using a HttpSessionListener. In a Servlet Container cluster, the ACLs would be computed and cached on each node on the fly, but also have to be flushed out of the cache on each node (hence, the question about HttpSessionEvents being fired on each cluster node or not). Thanks for any information or pointers :) cheers -- -o) Pascal Bleser ATOS Worldline/Aachen(DE) /\\ System Architect WLP Business Platform _\_v "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect."-L.Torvalds --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
