Jan Luehe wrote:
> On 04/30/09 01:16 PM, Jan Luehe wrote:
>> On 04/30/09 09:32 AM, glassfish_at_javadesktop.org wrote:
>>> Hello all,
>>>
>>> I need to make my web application completely stateless, and thus
>>> would like to turn off http session generation by the app server (ie,
>>> no memory consumed, no jsessionid generation, etc). These are
>>> business requirements (not my fault!). In any event, the only thing
>>> I've done is set the JSP tags to not participate in sessions - but I
>>> don't see anything in the sun-web.xml that indicates if GlassFish can
>>> be told to NOT create a session. Is this possible, and if so, where
>>> is that configured (short of me writing a servlet filter that
>>> programmatically calls session.invalidate() ) ?
>>>
>>
>> There is no such config option available, as it would be in violation
>> of the Servlet spec,
>> which requires that a call to HttpServletRequest#getSession create a
>> session if one does
>> not already exist.
>
> I was able to think of a simple and portable solution when this issue
> was brought up again
> during a meeting earlier this morning: How about declaring an
> HttpSessionListener in your app,
> and implementing its sessionCreated callback such that it throws an
> IllegalStateException?
>
> Jan
Jan,
I might be daft, but I still do not see the issue here. If there is a
requirement not to use any session - why then would one call
getSession() or getSession(true) in the first place? And as long as
these methods are not called - no session gets created anyway.
Also, the listener's sessionCreated gets notified when the session
already has been created - thus too late for the requirement not to
create a session.
What do I miss here?
--
Wolfram Rittmeyer