[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-3264) REST requests create anemic HttpSessions

Christian Bauer (JIRA) jira-events at lists.jboss.org
Fri May 8 03:47:46 EDT 2009 

     [ https://jira.jboss.org/jira/browse/JBSEAM-3264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Bauer closed JBSEAM-3264.
-----------------------------------

    Fix Version/s: 2.1.2
       Resolution: Done


Implemented the global <resteasy:application destroy-session-after-request="true"/> switch, need to revisit this issue when we implement conversation handling.



> REST requests create anemic HttpSessions
> ----------------------------------------
>
>                 Key: JBSEAM-3264
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3264
>             Project: Seam
>          Issue Type: Task
>          Components: WS
>            Reporter: Christian Bauer
>            Assignee: Christian Bauer
>             Fix For: 2.1.2
>
>
> REST requests are supposed to be stateless and the majority of users will write stateless services. However, Seams ContextualHttpRequest wrapper will always start an HttpSession when a request hits the server, so that the SESSION context is available. This is all good and OK, as long as we find a way to remove this session as soon as the request is over, it's never going to be used again. If we don't do anything, each and every REST call will create a new HttpSession which means trouble.
> This is a chicken/egg problem as some users might want to write stateful REST services in some situations, so we can't just globally kill all such sessions.
> Two possible solutions, probably should implement both:
> 1. Introduce a global configuration switch that says "I do not use sessions across requests, I do not send a session identifier with my REST calls". We can then invalidate the HttpSession after a REST request is served, so the SESSION context would effectively have the same lifespan as the EVENT context. This helps with memory consumption and active session limit.
> 2. Introduce a global configuration switch that says "I might use sessions across requests, I might want to send a session identifier with some of my REST calls". In that situation you probably want a shorter session timeout, not the global one your set in web.xml. So this configuration option would allow you to specify a different session timeout for any HttpSession that has been created for a REST request.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list