views:

598

answers:

3

Preface: I'm not a java developer.

I have a question about Tomcat / jBOSS and other java application servers. Where are sessions (session data) stored? In PHP, sessions are usually stored in the database which means you can easily share session data in a load balanced environment. In Tomcat and other application servers, session seem to be stored in memory by default which would not apply in a load balanced env. While it is true that PHP stores sessions in files by default, it takes a few lines to hook it up to a DB. Is the same true of applications servers?

Basically, what's the pros for storying sessions in memory? Is this still standard practice for application servers? Thanks all!

+1  A: 

The JavaEE spec does not dictate this, it is up to the individual implementations to decide. For example, the usual way to handle load balancing in Tomcat is to use replicated sessions, where the session data is multicast between the nodes. Storing session data in the database is a huge performance killer, and while Tomcat may support it, I really wouldn't recommend it.

skaffman
Thanks. I see that there are three methods for replicated sessions (file, JDBC, and in-memory). So file / in-memory are most common? I think my issue is I dont really understand what an "application server" entails. I need to do more reading.
frio80
I'd love to read some data behind the "Storing session data in the database is a huge performance killer" statement, have any references? (Not disparaging, interested.) I'd expect it would be massively dependent on the infrastructures involved.
T.J. Crowder
@TJ: applications often store considerably amounts of highly structured, highly volatile data in their sessions, which can be prohibitively expensive to persist in a database in a scalable way. If you move your application from in-memory to in-database session persistence, in can often kill the performance. Network-replicated in-memory sessions get around that problem to a large degree, in that while there is a performance hit for doing the replication, it's generally much less pronounced than with database persistence.
skaffman
A: 

With the provided Session Manager, the session is always in memory but it has a manager to persist the session to JDBC store,

http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html

Unlike in PHP, the session is still accessed from memory and it's only persisted to DB when the memory limit is reached or at server shutdown. So your load-balancer must have sticky routing for this to work.

The benefit of in-memory session is performance because db access doesn't occur for every transaction.

You can write your own session manager to simulate the PHP behavior.

ZZ Coder
+1  A: 

I have a question about Tomcat / jBOSS and other java application servers. Where are sessions (session data) stored?

By default, I'd say in memory. Details are actually... implementation details which are application server specific.

In PHP, sessions are usually stored in the database which means you can easily share session data in a load balanced environment. In Tomcat and other application servers, session seem to be stored in memory by default which would not apply in a load balanced env.

Well, not exactly. What this means is that a client request has to be sent to the same node in a clustered environment (this is referred to as "session stickiness") and this is not an issue from a load balancing point of view. But this is an issue from a failover point of view: in case of failure of a node in a cluster, session state managed by the node can be lost. To solve this, almost all application server providers implement session failover (using various mechanism such as in-memory replication, JDBC-based persistence, etc). But, again, implementation details are application server specific. See for example how Tomcat or WebLogic deal with that. The Under the Hood of J2EE Clustering article on The Server Side is a very interesting reading too.

While it is true that PHP stores sessions in files by default, it takes a few lines to hook it up to a DB. Is the same true of applications servers?

As I said, not all application servers will offer JDBC-based persistence. Having that said, and to answer your question, configuration is in general simple when they do. But using a database is really not the preferred solution (actually, I avoid it at all price).

Basically, what's the pros for storying sessions in memory? Is this still standard practice for application servers?

Simply: performance! Serializing data, calling a database, writing to disk, all this has a cost. In-memory replication obviously allows to avoid some overhead. But it has some limitation too. For example, it doesn't allow WAN HTTP Session State Replication with WebLogic. But well, only few people need this :)

Pascal Thivent
This was extremely helpful. Thank you.
frio80
@frio80 You're welcome! BTW, the common way of recognizing a good answer is upvoting it ;-)
Pascal Thivent