tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Preventing tomcat from creating sessions
Date Wed, 14 May 2008 17:34:20 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Youssef,

Youssef Mohammed wrote:
| I am writing a set of RESTful services. client do not send cookies and we
| don't want to user URL rewriting for most
| of the services (they are just stateless).
| The issue is when the client calls
http://localhost/services/resource say
| n times, the application server/servlet container creates n sessions !
| How do i prevent that from happening ?

AFAIK, Tomcat does not create a session unless the code you are running
requests a session to be created. Are you using JSPs? Do they have
session="false" set in them? What about other code that might be calling
request.getSession(true) or request.getSession()?

You should be able to find the cause of the sessions being created AND
prevent them from actually being created by using a filter like this:

public void doFilter(ServletRequest request,
~                     ServletResponse response,
~                     FilterChain chain)
{
~  if(request instanceof HttpServletRequest)
~    request = new SessionKillingRequest((HttpServletRequest)request);

~  chain.doFilter(request, response);
}

public class SessionKillingRequest
~   extends HttpServletRequestWrapper
{
~  public SessionKillingRequest(HttpServletRequest request)
~  {
~    super(request);
~  }

~  public HttpSession getSession(boolean create)
~  {
~    if(create)
~    {
~      new Throwable("Attempted session creation").printStackTrace();
~    }
~    return null;
~  }
}

This will print a stack trace indicating where your code is requesting a
session, and it should prevent the creation of those sessions.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgrIpwACgkQ9CaO5/Lv0PDTowCgoHCYiOjNxjivyK74ODBjqCL7
7mQAnjd2L55aYlRhT+dFnEXyTZWVn2Pw
=5dsM
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message