users@servlet-spec.java.net

[servlet-spec users] Re: session(-less) applications

From: Mark Struberg <struberg_at_yahoo.de>
Date: Fri, 28 Nov 2014 11:00:33 +0000 (UTC)

Having a temp session just for a single request cries for getting misused I fear :/
What if you have another app which requires a real session?

For me it boils down to what Mark Thomas and a few others already said:

> On Thursday, 27 November 2014, 4:33, Stuart Douglas <sdouglas_at_redhat.com> wrote:
>
> ----- Original Message -----
>> From: "Greg Wilkins" <gregw_at_intalio.com>
>> To: "users" <users_at_servlet-spec.java.net>
>> Sent: Thursday, 27 November, 2014 2:05:26 PM
>> Subject: [servlet-spec users] Re: session(-less) applications
>>
>> On 27 November 2014 at 10:02, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>>
>> > A central switch that switches off sessions would also be really
>> > convenient for various other specs
>> >
>>
>> But sessions are off by default.
>>
>> You only get a session if you ask for one or use an authentication
>> mechanism that asks for one on your behalf.
>>
>> If we add a mechanism to turn off sessions, then all the apps/frameworks
>> that are currently doing getSession(true) on behalf of the user (and thus
>> making the user try a hack to get rid of the session) will just throw an
>> NPE or ISE instead.
>
> Well one of the proposed options was for it to just return a session that
> lasts for a single request.
>
> I'm still not sure what the actual use case for this is. I assume it is an
> app where some 3rd party code calls getSession(true)? If this is the case I
> don't really like the idea of adding session-less applications to the spec
> just to work around it.
>
> Stuart
>
>> cheers
>>
>> --
>> Greg Wilkins <gregw_at_intalio.com> @ Webtide - *an Intalio subsidiary*
>> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
>> http://www.webtide.com advice and support for jetty and cometd.