How to monitor and invalidate HTTP Sessions in WildFly

This article we will learn how to monitor and invalidate HTTP Sessions in WildFly application server / JBoss EAP using the management instruments such as the Command Line Interface and the Web console.

Monitoring HTTP Sessions

First of all, in order to gather statistics about HTTP sessions, you need to enable statistics on undertow subsystem You can do it from the CLI as follows:


That being said, let’s start checking an example application which has been deployed and has 2 active sessions:

    "outcome" => "success",
    "result" => {
        "active-sessions" => 2,
        "context-root" => "/example",
        "expired-sessions" => 0,
        "highest-session-count" => 2,
        "max-active-sessions" => -1,
        "rejected-sessions" => 0,
        "server" => "default-server",
        "session-avg-alive-time" => 0,
        "session-max-alive-time" => 0,
        "sessions-created" => 2,
        "virtual-host" => "default-host",
        "servlet" => undefined,
        "websocket" => undefined

On the other hand, if you want to monitor the active HTTP Sessions for a single Web application, refer to the /deployment Model. For example, to count the active sessions for the Web application example.war:


Monitoring HTTP Sessions with the Metrics

The Metrics subsystem is available as a Microprofile extensions. By checking metrics, you can collect insights on the core application server indicators, including the HTTP Sessions. To collect Undertow’s sessions, you can query the /metrics endpoint as follows:

curl -s http://localhost:9990/metrics | grep -e "^jboss_undertow_.*_sessions" | grep webapp.war

The above example, filters the metrics for the application “webapp.war”. To learn more about WildFly metrics, check this article: How to manage WildFly metrics

Invalidating HTTP Sessions

In order to invalidate HTTP Sessions or check the Session attributes, we need to collect its Session id. This can be done programmaticaly at some point:

HttpSession session = request.getSession();
String sessionid = session.getId();

However you can list HTTP Sessions from the CLI as well:

    "outcome" => "success",
    "result" => [

With that value, we can invalidate the HTTP Session as follows:


We can also check the list of attributes which have been added to the Session:

    "outcome" => "success",
    "result" => ["name"]

That can be combined with the attribute’s values:

[standalone@localhost:9990 /] /deployment=example.war/subsystem=undertow:list-session-attributes(session-id=k3Yp2uwWYDxWhCe7JhpKghrEsxE6Gyo9lZgFySWC)
    "outcome" => "success",
    "result" => [("name" => "Frank")]

Monitoring and invalidating HTTP Sessions from WildFly Web Console

It is worth mentioning, that you can also collect statistics and invalidate HTTP Sessions from the Web Console.

You should select your deployment unit under “Runtime / Server / Web / Deployment”. The following UI shows the core HTTP Session statistics:

wildfly monitor inspect http sessions

To invalidate a HTTP Session, choose a deployment and select the “View” button. Within the available catgories (Sessions/Servlets/WebSockets), choose “Sessions“.

There, you can see all active sessions. Select a session to inspect HTTP session attributes. Also, you can invalidate a session by pressing “Invalidate Session“.

wildfly monitor inspect http sessions


In conclusion, monitoring WildFly HTTP Sessions is a crucial steps towards ensuring the reliability and scalability of your enterprise applications. By closely monitoring key performance indicators and employing efficient monitoring tools, you can proactively identify bottlenecks, optimize resource utilization, and prevent potential downtime.