I an actually facing the same situation. Is it possible to disable JSP sessions once and for all with a configuration setting? Adding the page directive to disable session to each JSP should work but I am afraid that our developers will not always remember to do so.
Bill On Wed, May 19, 2010 at 9:24 AM, Brett Birschbach < brett.birschb...@hs2solutions.com> wrote: > Always happens...as soon as I ask the question, I figure out the answer. > > The problem is I am running <c:import> tags to import some JSPs, and those > imported JSPs do not have the <%@ page session="false" %> directive. If I > add the directive to those JSPs, I'm golden. > > -- > Brett Birschbach > HS2 Solutions, Inc > brett.birschb...@hs2solutions.com > (773) 296-2600 x501 > > > -----Original Message----- > From: Brett Birschbach [mailto:brett.birschb...@hs2solutions.com] > Sent: Wednesday, May 19, 2010 8:16 AM > To: users@tomcat.apache.org > Subject: Prevent JSP Session > > I am currently running Tomcat 6.0.24 on a Windows Vista machine. > > The web app I am developing will be deployed to a cloud, where server > affinity will be thrown to the wind. Thus, instead of relying on tomcat to > manage my session, I am instead managing the session via manual cookies and > a database. > > Being that I cannot leverage the tomcat session, I don't want to create a > session at all. This has a two-fold benefit: > > 1) Slight performance increase due to avoiding session creation > overhead > > 2) I can put a session listener in place to log an error if ever a > session is created, to ensure that we are not using the tomcat session in > the development environment where everything would appear to be fine until > we deploy to the cloud. > > According to JSP spec, I believe I should be able to use the following > directive to prevent a session from being created by my JSPs: <%@ page > session="false" %>. However, even when doing so, I am still getting a > session created by the internals of the JSP container. Is there something I > am doing wrong? Is it possibly a bug in Tomcat 6.0.24 (couldn't find it on > Bugzilla)? Or is it simply a "necessary evil"? > > The generated JSP code that is triggering the session is: pageContext > = _jspxFactory.getPageContext(this, request, response, null, true, 8192, > true); > > Below is the relevant portion of an exact stack trace: > at > org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:854) > at > org.apache.catalina.session.StandardManager.createSession(StandardManager.java:291) > at > org.apache.catalina.connector.Request.doGetSession(Request.java:2392) > at > org.apache.catalina.connector.Request.getSession(Request.java:2098) > at > org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:833) > at > javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) > at > org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:544) > at > org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:493) > at > org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:146) > at > org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:124) > at > org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:107) > at > org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:63) > at > org.apache.jsp.layouts.nav.layout_005fnav_002dadmin_jsp._jspService(layout_005fnav_002dadmin_jsp.java:44) > at > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > at > javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > > Thanks! > > -- > Brett Birschbach > HS2 Solutions, Inc > brett.birschb...@hs2solutions.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
