niedziela, 17 marca 2013

Unconscious use WebServices session

Real life ... programmer copied the definition of service in Service1WS to Service2WS, changed the name of the service, the name of the class and obtained a description of the service:

He did not notice, however, that Service1WS contains a parameter that if Service2WS should not appear to have been:

The result was that when the server traffic appeared to increase there was java.lang.OutOfMemoryError: Java heap space. The increases in traffic were no frequent so error occurred sporadically (sic!).

During the tracking error, no one came up with the idea to look on cardinality of the Tomcat session (there are lots of them in heavy traffic). Only application profiling revealed that there are a lot of objects Axis'a session is indicated clue: enough to look at the number of sessions on Tomcat'cie, look for deploy.wsdd with the description Service2WS parameter, and see this thing was clear.

Why were so many sessions for one client WS and one server WS. The explanation is simple, Service2WS session was so involved sessions for each request to the URL or cookie does not transfer any jsessionid = SES_ID, and that the client Service2WS do not send this parameter (because the intended use of the no session services), each request assumed a new session. Even though each such session expire after 8 hours, it's still under heavy traffic arose so many objects session that could fullfill, or at any rate limited space Heap.

The proposal, still the same, carefully copying the code.