1

I'm debugging an issue where calls to our weblogic server often return with a new JSESSIONID value, replacing the JSESSION that was originally sent.

The issue occurs frequently, but not consistently. (Ie., when it affects you, it affects ~90% of your traffic.)

We've shown that the issue appears to be unrelated to the actual server call being made, which makes it hard for me to debug any specific method.

Is there a way to hook into the JSESSION creation in WebLogic, to see what is causing the session to be created / destroyed / invalidated?

Attaching a remote debugger would be great, but I'd settle for some form of logging that might point me in the right direction?

Marty Pitt
  • 28,822
  • 36
  • 122
  • 195
  • is your weblogic environment clustered and fronted by Apache or any other web server or a load balancing switch? – JoseK Jul 13 '11 at 06:34
  • @JoseK - Yes, the environment showing the issue has a Apache server balancing between two servers. However, we've validated that all the calls are arriving on the same WebLogic instance – Marty Pitt Jul 13 '11 at 13:29
  • we had this ongoing issue in the past, when Apache switched the requests across WL isntances, causing users to get new JSESSIONIDs. If yours are all hitting same instance, then the question is why the WL does not recognize the JSESSIONIDs - so are these being retained i.e. passed thru between Apache and WL at all could be one aspect. Secondly, if the same JSESSIONID hits within 20 mins or whatever session timeout, then WL should have recognized it - so you're right in tracking where sessions are getting destroyed. I wonder if any explicit code does session.invalidate() but would affect all. – JoseK Jul 13 '11 at 13:45

2 Answers2

2

This is a standard part of the servlet spec (not WebLogic specific). You want the HttpSessionListener interface.

Note that the Servlet session stuff is really bad - the kind of behavior you're seeing can happen when memory problems kick in, etc. For a deconstruction, check out the presentation at SeaJUG (Rethinking Users and User Session Management). Slides and video are posted.

Will Iverson
  • 2,009
  • 12
  • 22
  • Great - thanks for this. I wrote a sessionListener which has helped point me in the direction of what's causing our problem. – Marty Pitt Jul 13 '11 at 01:44
0

Nodemanager/WLST is something that is also useful in debugging and monitoring servers with Weblogic Admin, Enterprise Fusion Middleware Control, or Cloud Control.

Wesley Davidson
  • 21
  • 3