spring-boothttptomcatjettyhttpsession

Multiple HttpSession Objects for One Logged-In User


HeapDump

This is a HeapDump snapshot from my application running locally, "standardSessionFacade" is Tomcat implementation for HttpSession, now I am logged in with only a user then why are there 5 objects of standard session facade?

HeapDump2

And the same is happening when I am using Jetty instead of Tomcat

I wanted to know what is the underlying issue here or this is a common behaviour.


Solution

  • The existence of a session in the session store only means that the session existed, however briefly, at some point in time.

    Sessions can come into existence for short times, especially before the user is logged in fully. Example: a Session could have be created due to a request with no session, or a request to a resource that doesn't handle sessions (eg: an image, or css, or javascript, etc), and then when the user logs in the previous session is invalidated and replaced with a logged in session.

    Each session has an ID and a few different flags to indicate if it is still valid (or not).

    The invalid and/or expired sessions will eventually be cleaned out of the datastore.

    The only Session you should pay attention to is the one that is being referenenced on the HTTP protocol.