You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Lucee
I was always a bit hazy on how sessions behaved back to CF8 days. I was wondering, what are the negative impacts of having long session times? Say for example we set the session timeout to 60 minutes. If someone accesses a page in the application, then immediately shuts their browser off I'm guessing at least any session variables that were allocated would remain for the duration of the 60 mins. Would it also lock any worker processes as well? Our specific setup is IIS -> Tomcat -> Lucee.
Joseph Gooch
unread,
Mar 2, 2017, 4:25:06 PM3/2/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to lu...@googlegroups.com
It's just an impact on memory usage - no locking or worker thread issues. We run 60min in production and routinely clock 14000 sessions. (Across numerous instances)
-G
On Thu, Mar 2, 2017 at 1:18 PM Jonathan Brookins <jon.br...@gmail.com> wrote:
I was always a bit hazy on how sessions behaved back to CF8 days. I was wondering, what are the negative impacts of having long session times? Say for example we set the session timeout to 60 minutes. If someone accesses a page in the application, then immediately shuts their browser off I'm guessing at least any session variables that were allocated would remain for the duration of the 60 mins. Would it also lock any worker processes as well? Our specific setup is IIS -> Tomcat -> Lucee.
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to lu...@googlegroups.com
Hi Jonathan,
I think it really comes down to what you are storing in the session, and how much memory is available. We typically only store a user_id in the session, then get their user data when we need it. What I think becomes a much bigger problem is if you are creating sessions for each spider that happens to hit your app. We were running into problems on one app, and when I checked how many active sessions there were it numbered in the 10s of thousands. Only about 40 of these sessions were 'live' users. What we ended up doing was to set a cookie on login, and then check for the cookie existence in app.cfc. If the cookie exists, set the session timeout to 2 hours, if not set the session timeout to 10 seconds (or just disable sessionmanagement). This seemed to do the trick (I think this is the article on Charlie Arehart's site that gets credit).
if (structkeyExists(cookie,'loggedin'))
this.sessiontimeout = CreateTimeSpan(0,2,0,0);
else
this.sessiontimeout = CreateTimeSpan(0,0,0,10);
Seth
On Thu, Mar 2, 2017 at 11:18 AM, Jonathan Brookins <jon.br...@gmail.com> wrote:
I was always a bit hazy on how sessions behaved back to CF8 days. I was wondering, what are the negative impacts of having long session times? Say for example we set the session timeout to 60 minutes. If someone accesses a page in the application, then immediately shuts their browser off I'm guessing at least any session variables that were allocated would remain for the duration of the 60 mins. Would it also lock any worker processes as well? Our specific setup is IIS -> Tomcat -> Lucee.
--
You received this message because you are subscribed to the Google Groups "Lucee" group.