-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vincent,
On 11/28/12 3:14 AM, Vincent Goelen wrote: > When the keepAliveTimeout is not set to "0" I can see in the SSL > debug logs the SSL session get's invalidated after some requests > with a Broken Pipe exception. Is this because there are too many > open connections during the keepAliveTimeout? It's probably because of your pathological keepAliveTimeout. 0ms seems, er, low. Why did you choose 0ms? I haven't looked at the code, so I'm not sure if the elapsed timer starts when the last request is completed (which seems reasonable) or when the last request started. I suspect the latter. 0ms is awfully short. Are you sure that your client is capable of accepting the response to the previous request and turn-around and make another request across the same channel before 0ms passes? > It also only happens when processing the requests takes some time > (fe. storing items in database) or when I put the threat to sleep > for testing purpose. So if you have a trivial request (say, HEAD for a static resource), you can never get a failure? > When inspecting the traffic I see some tcp-rst packages (problem is > here?) from previous connections while the current one is being > processed. When you say "current one" what do you mean? If you are using a single connection with HTTP keepalive, then there is only one connection to talk about: you can't get RSTs from "previous connections". You may be getting TCP RST as the server closes the connection while the client is trying to write. Is that what you are experiencing? > My question is why these SSL Sessions get invalidated after alot of > quick requests to the server since this gives a problem with my SSL > Session tracking since the id changes then. Maybe if you can explain why you want a 0ms keepalive timeout it would be helpful. If you want to disable keep alives, set maxKeepAliveRequests="1". If you want to allow an infinite timeout, try using keepAliveTimeout="-1" as the documentation states. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlC3w6YACgkQ9CaO5/Lv0PDX/QCfcPmdRD/FSyDB51QdOqgqwGbI tLwAmweVvlGCGqU2eAdYtrzezwkEPhZF =J7dz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
