I'm having a pretty ridiculous problem. I'm using a Tomcat server, and there's a crawler elsewhere on my LAN (which I have no control over). This crawler will occasionally try to crawl my site, which contains tens of thousands of pages. The crawler doesn't handle cookies, and so every time it requests a page, Tomcat creates a new session. The end result is that tens of thousands of sessions can get created very rapidly; the server doesn't have much RAM, so this run the server out of memory and bring it to its knees.
Is there any way to limit the number of sessions that can be created on Tomcat? Better yet, is there a way to limit the number of sessions created for a single IP address?