Hi,

I have a problem: on one of our servers we use the PersistentManager
with FileStore, and one session file grew endlessly to a size of 235GB
before we removed that session.

First, some information about our setup:

Server version: Apache Tomcat/6.0.35
Server built:   Jan 31 2012 04:27:38
Server number:  6.0.35.0
OS Name:        Linux (Debian Squeeze)
OS Version:     2.6.32-5-amd64
Architecture:   amd64
JVM Version:    1.6.0_26-b03
JVM Vendor:     Sun Microsystems Inc.
Xmx:            12GB

Tomcat is running behind an Apache web server.

Now, more details about this incident:

We noticed an unusually high number of disk operations on one of our
servers and investigated the origin. We found that there was one Tomcat
session file that had already grown to 235GB and was increasing quickly
(all other sessions on our server are less than 10KB). We then removed that
session file, but it was recreated (starting from 0 bytes) and was again
growing quickly. We then made a backup of that file and removed it again.
After the second removal the session file didn't appear again, and the
server returned to normal operation.

I've investigated the session file, and it contained 3 lines. I was able
to recognize the data of the first two lines (the default session
parameters like lastAccessedTime as well as some POJOs we have added to
that session). But the third line was endlessly repeating the following
string:

q~"q~#q~'q~(

And now my questions:
Does anyone know what this string means?
How is it possible for a session to grow to this size (larger than the
heap size of Tomcat)?
Is it a known Tomcat bug?
Is it a known type of attack?
How can you prevent this problem?

Thanks in advance.

Nicolas Peters
