REST requests create anemic HttpSessions ---------------------------------------- Key: JBSEAM-3264 URL: https://jira.jboss.org/jira/browse/JBSEAM-3264 Project: Seam Issue Type: Task Components: WS Reporter: Christian Bauer Assignee: Christian Bauer REST requests are supposed to be stateless and the majority of users will write stateless services. However, Seams ContextualHttpRequest wrapper will always start an HttpSession when a request hits the server, so that the SESSION context is available. This is all good and OK, as long as we find a way to remove this session as soon as the request is over, it's never going to be used again. If we don't do anything, each and every REST call will create a new HttpSession which means trouble. This is a chicken/egg problem as some users might want to write stateful REST services in some situations, so we can't just globally kill all such sessions. Two possible solutions, probably should implement both: 1. Introduce a global configuration switch that says "I do not use sessions across requests, I do not send a session identifier with my REST calls". We can then invalidate the HttpSession after a REST request is served, so the SESSION context would effectively have the same lifespan as the EVENT context. This helps with memory consumption and active session limit. 2. Introduce a global configuration switch that says "I might use sessions across requests, I might want to send a session identifier with some of my REST calls". In that situation you probably want a shorter session timeout, not the global one your set in web.xml. So this configuration option would allow you to specify a different session timeout for any HttpSession that has been created for a REST request.