Re: Disable the session in tomcat

Wed, 17 Jul 2013 14:24:06 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel,

On 7/17/13 5:04 PM, Daniel NAZARKIEWICZ wrote:
> Yes, i want to prevent session from being created because the
> sessions are not needed in my specific case, so no session at all
> in the cookie neither in the URL.
> 
> Is this possible ?

Yes. Write a HttpSessionListener and unconditionally throw an
exception from the sessionCreated() method and kill the session. Like
this:

public class IronFistedHttpSessionListener
    implements HttpSessionListener
{
    @Override
    public void sessionCreated(HttpSessionEvent se)
    {
        se.getSession().invalidate();
        throw new IllegalStateException("Session use is not permitted.");
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se)
    {
      // Do nothing
    }
}

Note that this may cause parts of your code to start to fail. Now, it
will be your job to fix the parts of your code that are triggering
sessions to be created.

For example, if you don't explicitly state session="false" in all of
your JSPs, a session will be created by default. So, you'll need to
edit all the JSPs you have that don't state session="false" so they
won't create sessions.

You may have other places in your code where sessions are created due
to careless code. Fix those and your HttpSessionListener should never
be invoked.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR5wsoAAoJEBzwKT+lPKRYm7sP/3X9rSU0I1OuMXbvjw1GdYtw
ls+EUthrCruC9g/woKiTdbL7Jsh9SFCXnTE5tldFjv/ttxgUZAMkAkz/0DKRmvGG
jKi9pWQpXF/07UatBVf9Jvp2M3ozvG3F41+LFtSnUOkRi41FSNCk2BEOfdiQVuhQ
gnJi+jPgaX9177xVcumL1hW58eT2X2NCYD7SWI6TeXHObqPA9JWyNBC6qNgaiwve
YriJ1Q+0/1zzZv7sprK8+8uesf6xPTkf9MQRYb/+CLMl9ODzeU6kWCQpHzkAE0f+
pa6fqtX0a7QImYv9sqOZGEhpw8tcZX/2jYXihMcv5gof6QHucD4z5+zyJgtW0MYZ
/GjIaMDYDa0plIeaOVr7aFZhLslRF28gTk8B1xctn6N7OT+qC5Ivd6WgKdez++Xv
f2Jh4efyjqIpSBvKyY0jLFjiy2WwwxVe2R/mF+O2HJHUtmKfViFzfmERUdVqnRa0
OYRnJ3rAY2k5ZQObc+1jcCAICNlL67GAY3PLaVGNpxMS7UyTmAC7o/A/iG4FIeuy
05JwlUen5mMk/4YPogxd1NgHFzEw/FTXS4RVwOlc6XHuOQ49QWbkvtQv9X7q6LZp
fYPUT9R0aUP/vZebCGiB7+8GAexW/UIsTPZ2EZ9z6O1/IHAR/ZLroc2c+OPowLy5
oqlxOnT1IUVQLVTuh5xe
=Mc3k
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to