On 27 November 2014 at 19:38, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> * Create session for 1 request
I think there are lots of problems with this, not least the object churn
and wasted event notification.
Should a session cookie be set?
What if generated HTML contains a href with the session ID encoded in the
URL and that causes the client to send a request before the generated HTML
is fully generated (and thus the request is not finished). Will that
request see the same session? if not why not? If it does, when does the
session get invalidated? If it is a long polling application, there may
never be a time when there is no request in the container and the session
may live for a long time.
HttpSession semantics are ropey enough without introducing such difficult
racy transient invalidation.
cheers
--
Greg Wilkins <gregw_at_intalio.com> @ Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.