tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Automatically Add Session ID
Date Thu, 23 Sep 2010 20:47:26 GMT
Hash: SHA1


I've re-arranged some of your comments so that my questions make a bit
more sense.

On 9/23/2010 4:13 PM, Jeff Thorn wrote:
> I am sure there are no sessions now. Its a REST based XML API.
> So my question is what kind of overhead does getSession() have? If its
> anything more than just generating an uid and settings a response
> header, I will just do that myself. But I would rather not reinvent
> the wheel since the session api does exactly what I want.

Is this clustered at all? If you are using a cluster and want your
session ids to be consistent, then there can be some overhead in
notifying the other servers that a new session has been created, etc.
Other than that, creating empty sessions and referencing them with every
request is going to have a pretty minimal impact unless your webapp does
very little with each request (like a web service that adds to numbers
provided by the client). Things like file and database access
overwhelmingly dominate the equation.

> The session id will simply end
> up in the access log files so we can group by and count unique
> sessions.

Session ids don't typically show up in access log files: you'll have to
configure your logging to do this. The AccessLogValve can certainly do
this for you.

> The clients of the API do support cookies and will return
> the session id in subsequent requests.

Perfect: that will pretty much be a requirement, unless the clients are
willing to accept a session id some other way and then add
";jsessionid=[the session id]" to the end of every request URL they use.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message