Jan Luehe wrote:
> On 04/30/09 09:32 AM, glassfish_at_javadesktop.org wrote:
>> Hello all,
>>
>> I need to make my web application completely stateless, and thus would
>> like to turn off http session generation by the app server (ie, no
>> memory consumed, no jsessionid generation, etc). These are business
>> requirements (not my fault!). In any event, the only thing I've done
>> is set the JSP tags to not participate in sessions - but I don't see
>> anything in the sun-web.xml that indicates if GlassFish can be told to
>> NOT create a session. Is this possible, and if so, where is that
>> configured (short of me writing a servlet filter that programmatically
>> calls session.invalidate() ) ?
>>
>
> There is no such config option available, as it would be in violation of
> the Servlet spec,
> which requires that a call to HttpServletRequest#getSession create a
> session if one does
> not already exist.
I think for the original poster it would be sufficient if sessions were
only created in case of a call to request.getSession() or
request.getSession(true). Thus if neither of these methods is ever
called, no session would be created.
Which of course begs the question if sessions can get created even
without this method call. I guess not, because otherwise the method call
request.getSession(false) would be rather pointless.
Thus I think there is simply no need for any additional property to
fulfill the stated requirements. Or did I miss s.th. here?
--
Wolfram Rittmeyer
>
> A compliant server must not provide any config options that would lead
> to spec
> incompatible behaviour.
>
> Jan
>