On 05/ 4/09 01:41 PM, Wolfram Rittmeyer wrote:
> Jan Luehe wrote:
>> On 04/30/09 09:32 AM, glassfish_at_javadesktop.org wrote:
>>> Hello all,
>>>
>>> I need to make my web application completely stateless, and thus
>>> would like to turn off http session generation by the app server
>>> (ie, no memory consumed, no jsessionid generation, etc). These are
>>> business requirements (not my fault!). In any event, the only thing
>>> I've done is set the JSP tags to not participate in sessions - but I
>>> don't see anything in the sun-web.xml that indicates if GlassFish
>>> can be told to NOT create a session. Is this possible, and if so,
>>> where is that configured (short of me writing a servlet filter that
>>> programmatically calls session.invalidate() ) ?
>>>
>>
>> There is no such config option available, as it would be in violation
>> of the Servlet spec,
>> which requires that a call to HttpServletRequest#getSession create a
>> session if one does
>> not already exist.
>
> I think for the original poster it would be sufficient if sessions were
> only created in case of a call to request.getSession() or
> request.getSession(true). Thus if neither of these methods is ever
> called, no session would be created.
>
> Which of course begs the question if sessions can get created even
> without this method call. I guess not, because otherwise the method
> call request.getSession(false) would be rather pointless.
>
> Thus I think there is simply no need for any additional property to
> fulfill the stated requirements. Or did I miss s.th. here?
I think the user was initially referring to the "session" attribute of
the JSP page directive, which is set to true by default, causing a call to
HttpServletRequest#getSession and assigning the result to the implicit
scripting variable named "session", even without the user ever having
done any explicit calls to HttpServletRequest#getSession.
Do prevent this "implicit" creation of sessions when accessing a JSP page,
the "session" attribute of the JSP's page directive must be set to false:
<%@ page session="false">
but the user seemed to be aware of this, and seemed to be looking for an
option in sun-web.xml that would suppress any session creation, even
by a call to HttpServletRequest#getSession, which, of course, does not
exist.
Jan
>
>
> --
> Wolfram Rittmeyer
>
>>
>> A compliant server must not provide any config options that would
>> lead to spec
>> incompatible behaviour.
>>
>> Jan
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>