Q:

I’m having a problem with a JSR 168 portlet accessing the session. When a
user is logged in to the portal, everything works fine. When I log out and
try to access the portlet via the anonymous user I get an error in the
console:

[11/16/04 16:46:02:427 GMT-05:00] 44094409 SessionContex W SESN0066E:
Response is already commited to client. Session cookie cannot be set.

Since the session cookie isn’t set, the session data is lost on the next
page request (which is causing all sorts of other problems when I click
buttons in the portlet). The portlet is generating the same content and
doing the same thing whether or not a user is logged on so I’m not sure why
the response is getting commited with “anonymous” and not with “wpsadmin”.
Also, it’s strange because I get this error after the portlet has been
rendered. I would think the session cookie would be written before portlets
get rendered to prevent this sort of problem. Anybody have any ideas?


A:
Have you turned on sessions for anonymous users?

By default, sessions are disabled for anonymous users for performance
reasons. If you determine that it is necessary for your portlet to use a
session for anonymous users, open the portal InfoCenter and search for
“anonymous session” for more information. You’ll need to change the
public.session parameter in NavigatorService.properties.


QA:
The main issue is that you do not have the loggout mechanism to trigger
garbage collection of the session data. This means that the session data
will remain in memory until the session times out. Depending upon the kind
of site you are building and the kind of unauthenticated traffic you get,
this can cause a huge memory load on the server.


A:
In our case we are writing an application that has its own login/logout
Due to the requirements we are not using Portal’s user management, the
user will be anonymous as far as portal is concerned…
Looks like as long as we are managing our sessions correctly there
should not be many memory issues….

It has been researched that 95% of people don’t log out from service but
just shuts down the browser anyway..