-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Youssef,
Youssef Mohammed wrote: | I am writing a set of RESTful services. client do not send cookies and we | don't want to user URL rewriting for most | of the services (they are just stateless). | The issue is when the client calls http://localhost/services/resource say | n times, the application server/servlet container creates n sessions ! | How do i prevent that from happening ? AFAIK, Tomcat does not create a session unless the code you are running requests a session to be created. Are you using JSPs? Do they have session="false" set in them? What about other code that might be calling request.getSession(true) or request.getSession()? You should be able to find the cause of the sessions being created AND prevent them from actually being created by using a filter like this: public void doFilter(ServletRequest request, ~ ServletResponse response, ~ FilterChain chain) { ~ if(request instanceof HttpServletRequest) ~ request = new SessionKillingRequest((HttpServletRequest)request); ~ chain.doFilter(request, response); } public class SessionKillingRequest ~ extends HttpServletRequestWrapper { ~ public SessionKillingRequest(HttpServletRequest request) ~ { ~ super(request); ~ } ~ public HttpSession getSession(boolean create) ~ { ~ if(create) ~ { ~ new Throwable("Attempted session creation").printStackTrace(); ~ } ~ return null; ~ } } This will print a stack trace indicating where your code is requesting a session, and it should prevent the creation of those sessions. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgrIpwACgkQ9CaO5/Lv0PDTowCgoHCYiOjNxjivyK74ODBjqCL7 7mQAnjd2L55aYlRhT+dFnEXyTZWVn2Pw =5dsM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
