On 27 November 2014 at 10:02, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> A central switch that switches off sessions would also be really
> convenient for various others specs
>
But sessions are off by default.
You only get a session if you ask for one or use an authentication
mechanism that asks for one on your behalf.
If we add a mechanism to turn off sessions and then all the apps/frameworks
that are currently doing getSession(true) on behalf of the user (and thus
making the user try a hack to get rid of the session), will just throw a
NPE or ISE instead.
cheers
--
Greg Wilkins <gregw_at_intalio.com> @ Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.