On Thu, Jul 18, 2013 at 12:22 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Daniel,
>
> On 7/17/13 5:04 PM, Daniel NAZARKIEWICZ wrote:
> > Yes, i want to prevent session from being created because the
> > sessions are not needed in my specific case, so no session at all
> > in the cookie neither in the URL.
> >
> > Is this possible ?
>
> Yes. Write a HttpSessionListener and unconditionally throw an
> exception from the sessionCreated() method and kill the session. Like
> this:
>
> public class IronFistedHttpSessionListener
> implements HttpSessionListener
> {
> @Override
> public void sessionCreated(HttpSessionEvent se)
> {
> se.getSession().invalidate();
> throw new IllegalStateException("Session use is not permitted.");
> }
>
> @Override
> public void sessionDestroyed(HttpSessionEvent se)
> {
> // Do nothing
> }
> }
>
>
If sessions are not needed most probably you dont have state as well.IMHO
is better to see what leads to session creation and avoid it than having
artificial session termination code.
> Note that this may cause parts of your code to start to fail. Now, it
> will be your job to fix the parts of your code that are triggering
> sessions to be created.
>
> For example, if you don't explicitly state session="false" in all of
> your JSPs, a session will be created by default. So, you'll need to
> edit all the JSPs you have that don't state session="false" so they
> won't create sessions.
>
> You may have other places in your code where sessions are created due
> to careless code. Fix those and your HttpSessionListener should never
> be invoked.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJR5wsoAAoJEBzwKT+lPKRYm7sP/3X9rSU0I1OuMXbvjw1GdYtw
> ls+EUthrCruC9g/woKiTdbL7Jsh9SFCXnTE5tldFjv/ttxgUZAMkAkz/0DKRmvGG
> jKi9pWQpXF/07UatBVf9Jvp2M3ozvG3F41+LFtSnUOkRi41FSNCk2BEOfdiQVuhQ
> gnJi+jPgaX9177xVcumL1hW58eT2X2NCYD7SWI6TeXHObqPA9JWyNBC6qNgaiwve
> YriJ1Q+0/1zzZv7sprK8+8uesf6xPTkf9MQRYb/+CLMl9ODzeU6kWCQpHzkAE0f+
> pa6fqtX0a7QImYv9sqOZGEhpw8tcZX/2jYXihMcv5gof6QHucD4z5+zyJgtW0MYZ
> /GjIaMDYDa0plIeaOVr7aFZhLslRF28gTk8B1xctn6N7OT+qC5Ivd6WgKdez++Xv
> f2Jh4efyjqIpSBvKyY0jLFjiy2WwwxVe2R/mF+O2HJHUtmKfViFzfmERUdVqnRa0
> OYRnJ3rAY2k5ZQObc+1jcCAICNlL67GAY3PLaVGNpxMS7UyTmAC7o/A/iG4FIeuy
> 05JwlUen5mMk/4YPogxd1NgHFzEw/FTXS4RVwOlc6XHuOQ49QWbkvtQv9X7q6LZp
> fYPUT9R0aUP/vZebCGiB7+8GAexW/UIsTPZ2EZ9z6O1/IHAR/ZLroc2c+OPowLy5
> oqlxOnT1IUVQLVTuh5xe
> =Mc3k
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
