Invalidating a stale session
Now if the token is revoked, we have to remove the token from the data base and then invalidate the cache in all the nodes. Problem is that even a short term load spike lead to system level reset and repair.
When I invalidate the cache, distributed cache has to know what nodes have the entry ( or send a message to all the nodes).
Tomcat bio connector used, tomcat 7.0.42, spring-security 3.1.3 I have find out that problem occures only when STREAMING transport used. Also I have find out, that problem in Security Context Impl instance which contains corrupt authenticator for atmosphere's thread.
Note that http pattern is /** so atmosphere requsts filtered by security.
Also, last thing I need when my server is loaded is to start repair and data shuffling.
It is possible to run a distributed cache without trouble if you do lot of monitoring and hand holding to make sure nodes are not loaded.
is defined as a series of related browser requests that come from the same client during a certain time period.
Session tracking ties together a series of browser requests—think of these requests as pages—that may have some meaning as a whole, such as a shopping cart application.
HTTP does not provide tools that can track users and data in the context of a web session.A session is secure if and only if: near the end of this document.It is advisable to use sessions only on pages where they are necessary because of a performance impact on your application.However, configuring how Web Logic Server manages sessions is a key part of tuning your application for best performance.When you set up session management, you determine factors such as: You can also store data permanently from an HTTP session. You configure Web Logic Server session tracking by defining properties in the Web Logic-specific deployment descriptor, .