With a single Tomcat there is no concern about sharing sessions: the default Tomcat configuration suffices and the session is stored on that Tomcat. As the business grows, however, adding Tomcat nodes to form a Tomcat cluster becomes inevitable. Distribution brings the advantage of handling a far larger volume of concurrent requests, but it also brings a problem: each Tomcat stores only the sessions created by the requests that reached it. If Tomcat-A has already created a session for client C, Tomcat-B does not know that the client already has a session with Tomcat-A in the cluster, and will create another session for C when it is accessed. For interfaces whose access control is based on the session (for example, data interfaces that may only be accessed after the user has logged in), this leads to repeated authentication when different nodes of the cluster are accessed. Because sessions are not shared, the original session-management mechanism no longer works in a Tomcat cluster.
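The failure mode described above, reduced to a small simulation (added example; not code from the original page and not Tomcat's own API, and the class names `SessionStore`, `Node` and the routing in `scenario` are assumptions for illustration): two application-server nodes each keep a private session map, the client logs in on node A, and its next request is routed to node B. The same scenario is then run with one store shared by both nodes, which is the property any clustered session mechanism has to restore.

```python
"""Why per-node session stores break session-based authentication in a cluster.

Constructed illustration: nothing here is Tomcat code. A 'node' is any server
that owns an in-memory session map; 'shared' models an external or replicated
session store that every node consults.
"""
import secrets
from typing import Dict, Optional


class SessionStore:
    """Minimal session store: session id -> attribute map."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Dict[str, str]] = {}

    def create(self) -> str:
        # Unpredictable session ids, as a real container would issue.
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def get(self, sid: Optional[str]) -> Optional[Dict[str, str]]:
        return self._sessions.get(sid) if sid else None

    def count(self) -> int:
        return len(self._sessions)


class Node:
    """One application-server node. With store=None it keeps a private store."""

    def __init__(self, name: str, store: Optional[SessionStore] = None) -> None:
        self.name = name
        self.store = store if store is not None else SessionStore()

    def login(self, user: str) -> str:
        """Authenticate the user and return the session cookie value."""
        sid = self.store.create()
        self.store.get(sid)["user"] = user
        return sid

    def protected(self, cookie: Optional[str]) -> str:
        """Serve a login-protected interface: 'ok' or 'reauth'."""
        session = self.store.get(cookie)
        if session is None:
            # Cookie unknown on this node: the container issues a fresh,
            # unauthenticated session and the caller must log in again.
            self.store.create()
            return "reauth"
        return "ok" if "user" in session else "reauth"


def scenario(shared: bool) -> Dict[str, object]:
    """Log in on node A, then hit a protected endpoint on node B."""
    store = SessionStore() if shared else None
    node_a = Node("tomcat-a", store)
    node_b = Node("tomcat-b", store)
    cookie = node_a.login("alice")        # first request lands on A
    result = node_b.protected(cookie)     # next request lands on B
    stores = {node_a.store, node_b.store}  # set dedups the shared store
    return {
        "result": result,
        "sessions_for_one_client": sum(s.count() for s in stores),
    }


if __name__ == "__main__":
    print("per-node stores:", scenario(shared=False))  # reauth, 2 sessions
    print("shared store:   ", scenario(shared=True))   # ok, 1 session
```

With private stores the single client ends up with two sessions and is asked to authenticate again on the second node; with a shared store one session serves both nodes. Sticky load balancing hides the symptom only while the client keeps reaching the same node.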

Monitoring the metrics and runtime characteristics of an application server is essential to ensure the adequate functioning of the applications running on that server, as well as to prevent or resolve potential issues in a timely manner.

As far as Java applications go, one of the most commonly used servers is Apache Tomcat, which will be the focus of this article.
Tomcat performance monitoring can be done either by relying on JMX beans or by using a dedicated monitoring tool like MoSKito or JavaMelody.
The web server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network, which makes it one of the services most exposed to attack.
The default configuration supplies a great deal of sensitive information, which may help an attacker prepare an attack on the web server.
The majority of web application attacks are XSS, information leakage, session management and PHP injection attacks, which result from weak programming code and a failure to harden the web application infrastructure.
