My web app consists of a single servlet, no JSPs and no static content. The servlet retrieves XML from POST submissions and hands the XML and IP address of the client to an API/engine. This engine can work outside of a web container and has no knowledge of a web container. It has its own mechanism for managing sessions.
For this reason, for this web application, I require no session management overhead by Tomcat. I would like to disable all aspects (that I can) of Tomcat session management, including session cookies and/or url rewriting. Searches on the topic yielded the following suggestions, 1. Never call getSession(). That makes sense - if its never called then things are never stored in the session and, perhaps, Tomcat doesn't create some things that it might have. But I have some question marks over this suggestion. Does Tomcat still utilise resources simply by having the standard session manager in place? Does tomcat still set cookies and/or rewrite URLs? If I never call getSession() will this lead to as little resources being used when compared to a solution that replaces the standard manager with a 'do nothing' manager implementation? 2. Set the 'cookies' attribute of the context to false. To me, I would not think this addresses my issue at all. 3. Write a Manager implementation that does the bare minimum. This would seem like the best solution to me, although, the most time consuming. My question - Given that I do not require the use of http sessions in Tomcat, what would be the best way for me to minimise the resources Tomcat devotes to session management? I would prefer if the solution disabled session cookie writing and/or url rewriting, as neither serves a purpose as there are no sessions to track (from my application's perspective). Cheers.
