Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote:
> I'm sorry that I didn't express myself in a clear manner. I was simply saying that the jsessionid doesn't appear when bots access pages that have sessions in them (in my case), but I'm not concerned with it as it doesn't affect anything.

I worked it out after I'd had a coffee, I was just being dense. :)

I think the only way to be sure what's going on would be to monitor what's being set in the response headers for bots. If there's a 'Set-Cookie' header it would explain why there's no redirect URL encoding. Whether the bot then sends the cookie back to maintain the session is a different matter of course...

rgds,
p

> -Regards
> Rashmi
>
> - Original Message
> From: Pid [EMAIL PROTECTED]
> To: Tomcat Users List users@tomcat.apache.org
> Sent: Thursday, February 8, 2007 8:46:22 AM
> Subject: Re: [OT]Re: Large number of active sessions
>
> Rashmi Rubdi wrote:
> I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absence of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity.
>
> Hi Rashmi, I'm not sure what you're saying; are you asking a question?
>
> -Rashmi
>
> - Original Message
> From: Pid [EMAIL PROTECTED]
>
> Some bots also use sessions.
>
> I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly.
>
> Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing in the list of active/recent sessions. (A guess: I don't know enough about the internals of Tomcat to be sure of that.)
>
> p

- To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT]Re: Large number of active sessions
Thanks for explaining, I looked at some of the access log archives where I used the %{Cookie}i in the pattern, and for the bots it shows as -, but for browser access it shows the cookie information.

See the - at the end of this; it is the cookie information from Googlebot:

127.0.0.1 - [11/Sep/2006:12:06:36 -0800] GET /index.jsp HTTP/1.1 200 13165 - Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) -

At the end of this the cookie string is from an IE 6.0 browser:

127.0.0.1 - [11/Sep/2006:12:07:00 -0800] GET /index.jsp HTTP/1.1 200 6818 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) __utma=119444884.1604301826.1157946192.1157960979.1157976677.6; __utmz=119444884.1157961053.5.5.utmccn=(organic)|utmcsr=google|utmctr=searched+key+word|utmcmd=organic

But earlier you had mentioned something about HTTP/1.1 capable agent, another sample of the access log shows that the bots are HTTP/1.1 capable - sorry I don't have the custom pattern used here, since I kept changing it often.

66.249.66.198 HTTP/1.1 - [31/Oct/2006:22:04:59 -0800] GET /index.jsp HTTP/1.1 200 8622 - Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

74.6.75.14 HTTP/1.1 - [31/Oct/2006:22:04:44 -0800] GET /robots.txt HTTP/1.1 200 273 - Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)

64.4.8.116 HTTP/1.1 - [31/Oct/2006:17:50:19 -0800] GET /robots.txt HTTP/1.1 200 273 - msnbot/1.0 (+http://search.msn.com/msnbot.htm)

In the above cases index.jsp is using sessions, and so are almost all other JSP pages on the web app.

So since bots are HTTP/1.1 capable that might explain why I don't see jsessionid appended to the jsp pages in the access logs.

-Rashmi

> - Original Message
> From: Pid [EMAIL PROTECTED]
> To: Tomcat Users List users@tomcat.apache.org
> Sent: Friday, February 9, 2007 7:10:49 AM
> Subject: Re: [OT]Re: Large number of active sessions
>
> Rashmi Rubdi wrote:
> I'm sorry that I didn't express myself in a clear manner. I was simply saying that the jsessionid doesn't appear when bots access pages that have sessions in them (in my case), but I'm not concerned with it as it doesn't affect anything.
>
> I worked it out after I'd had a coffee, I was just being dense. :)
>
> I think the only way to be sure what's going on would be to monitor what's being set in the response headers for bots. If there's a 'Set-Cookie' header it would explain why there's no redirect URL encoding. Whether the bot then sends the cookie back to maintain the session is a different matter of course...
>
> rgds,
> p
Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote:
> So since bots are HTTP/1.1 capable that might explain why I don't see jsessionid appended to the jsp pages in the access logs.

...and the cookie is only recorded when the client sends it, not when the server sets it, so it doesn't appear in the log.
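The messages above note that %{Cookie}i records only what the client sends, and suggest watching the response headers instead. The following is an added example, not code from any poster or from Tomcat: it assumes an access log pattern that also records %{Set-Cookie}o, and runs over constructed log lines to show which clients are issued a new session on every request.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumed AccessLogValve pattern (not from the thread):
#   %h %t "%r" %s "%{User-Agent}i" "%{Cookie}i" "%{Set-Cookie}o"
SAMPLE_LOG = """\
192.0.2.10 [09/Feb/2007:07:00:01 -0800] "GET /index.jsp HTTP/1.1" 200 "Googlebot/2.1" "-" "JSESSIONID=AAA111; Path=/app"
192.0.2.10 [09/Feb/2007:07:00:09 -0800] "GET /list.jsp HTTP/1.1" 200 "Googlebot/2.1" "-" "JSESSIONID=BBB222; Path=/app"
192.0.2.10 [09/Feb/2007:07:00:15 -0800] "GET /item.jsp;jsessionid=OLD999 HTTP/1.1" 200 "Googlebot/2.1" "-" "JSESSIONID=CCC333; Path=/app"
198.51.100.7 [09/Feb/2007:07:01:00 -0800] "GET /index.jsp HTTP/1.1" 200 "MSIE 6.0" "-" "JSESSIONID=DDD444; Path=/app"
198.51.100.7 [09/Feb/2007:07:01:05 -0800] "GET /list.jsp HTTP/1.1" 200 "MSIE 6.0" "JSESSIONID=DDD444" "-"
198.51.100.7 [09/Feb/2007:07:01:20 -0800] "GET /item.jsp HTTP/1.1" 200 "MSIE 6.0" "JSESSIONID=DDD444" "-"
"""

LINE = re.compile(
    r'^(?P<host>\S+) \[[^\]]+\] "\S+ (?P<uri>\S+) \S+" \d{3} '
    r'"(?P<agent>[^"]*)" "(?P<cookie>[^"]*)" "(?P<set_cookie>[^"]*)"$')
URL_SID = re.compile(r";jsessionid=([^?#;/]+)", re.I)
COOKIE_SID = re.compile(r"(?:^|;\s*)JSESSIONID=([^;\s]+)")

def summarize(log_text):
    """Per (host, agent): how sessions were created and carried."""
    stats = defaultdict(lambda: {"requests": 0, "created": 0,
                                 "cookie_returned": 0, "url_ids": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed pattern
        s = stats[(m["host"], m["agent"])]
        s["requests"] += 1
        # %{Set-Cookie}o: the server issued a new session id on this response.
        s["created"] += bool(COOKIE_SID.search(m["set_cookie"]))
        # %{Cookie}i: the client sent an existing session id back.
        s["cookie_returned"] += bool(COOKIE_SID.search(m["cookie"]))
        # ;jsessionid= in the request line: id carried in a rewritten URL.
        s["url_ids"] += bool(URL_SID.search(m["uri"]))
    return dict(stats)

def session_per_request_clients(stats):
    """Clients for which every request opened a session and none was reused."""
    return sorted(key for key, s in stats.items()
                  if s["requests"] > 1 and s["created"] == s["requests"]
                  and s["cookie_returned"] == 0)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for key in session_per_request_clients(stats):
        print(key, stats[key])
```

A client flagged here leaves one idle session behind per request until the session timeout expires, and a non-zero url_ids count shows session ids reaching the access log through the request line.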
Re: [OT]Re: Large number of active sessions
I hope all this 'bot' talk doesn't prevent a resolution to the long-standing bug regarding sessions that never terminate, long after they should have expired. All of our web apps have a background thread that periodically terminates sessions that haven't been accessed in 24 hours, even though most of our web apps should auto-expire after 30 minutes, with the longest one being 120 minutes because users need to fill out a lengthy form.

David
Re: [OT]Re: Large number of active sessions
This message has been marked as Off-Topic with [OT], so that it doesn't stand in the way of the main thread.

Here's where one can report a bug: http://tomcat.apache.org/bugreport.html (unless it hasn't been reported already).

-Rashmi

> - Original Message
> From: David Wall [EMAIL PROTECTED]
> To: Tomcat Users List users@tomcat.apache.org
> Sent: Friday, February 9, 2007 1:00:02 PM
> Subject: Re: [OT]Re: Large number of active sessions
>
> I hope all this 'bot' talk doesn't prevent a resolution to the long-standing bug regarding sessions that never terminate, long after they should have expired. All of our web apps have a background thread that periodically terminates sessions that haven't been accessed in 24 hours, even though most of our web apps should auto-expire after 30 minutes, with the longest one being 120 minutes because users need to fill out a lengthy form.
>
> David
Re: [OT]Re: Large number of active sessions
Rashmi Rubdi wrote:
> I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absence of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity.

Hi Rashmi, I'm not sure what you're saying; are you asking a question?

> -Rashmi
>
> - Original Message
> From: Pid [EMAIL PROTECTED]
>
> Some bots also use sessions.
>
> I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly.
>
> Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing in the list of active/recent sessions. (A guess: I don't know enough about the internals of Tomcat to be sure of that.)
>
> p
[OT]Re: Large number of active sessions
I agree that many have experienced the jsessionid on URLs accessed by bots, perhaps it happens in a Struts environment or some other environment. In certain set-ups (only JSPs, no servlets, no MVC - session is removed and created freshly on each JSP page) the jsessionid doesn't appear on URLs accessed by bots like Googlebot even when the JSP page uses sessions, and that confuses me. I've verified the absence of jsession id in the URLs accessed by Googlebot in the server logs. This inconsistent appearance of jsessionid for certain set-ups doesn't bother me, it's just a matter of curiosity.

-Rashmi

> - Original Message
> From: Pid [EMAIL PROTECTED]
>
> Some bots also use sessions.
>
> I disagree, the bot has no capability to decide to use a session. A bot would only appear to use a session if it was HTTP/1.1 capable, and was handling cookies or encoded URLs properly.
>
> Most bots get pages asynchronously, I've observed Googlebot hitting url encoded pages with jsessionids generated days beforehand, during a previous index run. This will trigger a new session as a result, but may account for apparently older creation dates appearing in the list of active/recent sessions. (A guess: I don't know enough about the internals of Tomcat to be sure of that.)
>
> p