You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Phil Sladen <ph...@yahoo.co.uk> on 2007/06/28 17:13:16 UTC
Is there any way to avoid session being created
My code does not call request.getSession(true) or request.getSession() but struts still creates a session for me. I only want to create a session for a logged in user. Can this behaviour be avoided? Thanks.
---------------------------------
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your freeaccount today.
Re: Is there any way to avoid session being created
Posted by Paul Benedict <pb...@apache.org>.
JSP has a directive to prevent automatic session creation.
<%@ page *session*="false">
On 6/28/07, Fogleson, Allen <al...@daugherty.com> wrote:
>
> I assume you are using JSP? If so... well no there is not. JSP by
> default has a contract that a session is always available to it. Since
> it is always available an HTTPSession is always created if one is not
> available. We have gotten around this by having a session listener and
> cleaning up a session using it.
>
> Al
>
> -----Original Message-----
> From: Phil Sladen [mailto:phil_struts2@yahoo.co.uk]
> Sent: Thursday, June 28, 2007 10:13 AM
> To: user@struts.apache.org
> Subject: Is there any way to avoid session being created
>
> My code does not call request.getSession(true) or request.getSession()
> but struts still creates a session for me. I only want to create a
> session for a logged in user. Can this behaviour be avoided? Thanks.
>
>
>
> ---------------------------------
> Yahoo! Mail is the world's favourite email. Don't settle for less, sign
> up for your freeaccount today.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: Is there any way to avoid session being created
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Al,
Fogleson, Allen wrote:
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Thursday, June 28, 2007 10:48 AM
> To: Struts Users Mailing List
> Subject: Re: Is there any way to avoid session being created
>
>
> Fogleson, Allen wrote:
>> I assume you are using JSP? If so... well no there is not. JSP by
>> default has a contract that a session is always available to it.
>
>> Boy, is that statement false:
>
>> <@page session="false" @>
>
> Uhmmm I said "BY DEFAULT" Unless I am mistaken the default is
> "session='true'"
Sure, but you left out the all-important statement that this behavior
can be turned off. "There is no possible way to do what you are asking."
(oh, except that there is). :(
> IMHO not really the use for a session listener, but if you wanted to
> "debug" your code it is a use.
Well, if you're desperate to find out where sessions are being created,
it's much faster than a review of all the code on which you rely. Your
suggestion was to fix the symptom. Mine was to find the problem.
> But now you need an extensive regression
> suite to hit all your code. Not sure which effort is greater there. :)
Not necessarily. Just run your application (heck, in production, if you
want) and take note of any time a session is created that you didn't
expect. The regression is completely optional. If the application is
already in production, you have nothing to lose (the app can't get any
worse). If this issue is a blocker for release, then you'll have to
regression test anyway.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGg96g9CaO5/Lv0PARAsJjAKDAjv7RKgGva0MFaBr0XDTqAOPQtwCgo+3A
5mZwhCfcZm2EqEebu7CaiXs=
=gs1J
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: Is there any way to avoid session being created
Posted by "Fogleson, Allen" <al...@daugherty.com>.
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Thursday, June 28, 2007 10:48 AM
To: Struts Users Mailing List
Subject: Re: Is there any way to avoid session being created
Fogleson, Allen wrote:
> I assume you are using JSP? If so... well no there is not. JSP by
> default has a contract that a session is always available to it.
> Boy, is that statement false:
> <@page session="false" @>
Uhmmm I said "BY DEFAULT" Unless I am mistaken the default is
"session='true'"
> That seems like an awful waste of effort :(
Not really. We need a session for several reasons... even if they are
not logged in yet, plus we need a "custom" session to handle some stuff
a normal session would not handle easily. (i.e. a user has many
"accounts" the session must keep track of multiple payment pages for the
USER account, but not mess up the payment information for account1 with
account2.... information is stored in the session as "payment")
> This does bring up a good point, though, which is the use of an
> HttpSessionListener to observe "session creation" events. You can
> generate a stack trace when a session is created to find out when and
> where they are being created. As you find places where sessions are
> being created, you can modify your code or your configuration to avoid
> that session creation.
IMHO not really the use for a session listener, but if you wanted to
"debug" your code it is a use. But now you need an extensive regression
suite to hit all your code. Not sure which effort is greater there. :)
Let's face it, in most projects there is NO extensive (read that as
automated, or entirely repeatable) regression suite as it is normally
done by hand. At least in my 20 or so years that is my experience 99% of
the time.
Al
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGg9hB9CaO5/Lv0PARAgG0AJsHWMf0Iv4vs5xZPVCYdgF+sHo3CgCgv1Ij
iuynvwsBxYcJcaqvuhh1P28=
=S8L3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Is there any way to avoid session being created
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Allen,
Fogleson, Allen wrote:
> I assume you are using JSP? If so... well no there is not. JSP by
> default has a contract that a session is always available to it.
Boy, is that statement false:
<@page session="false" @>
Something else the OP might want to look for is Struts's preference to
keep a visitor's Locale in the session. I would imagine that if you
disable Locale caching, you'll eliminate one more place a session could
be created.
> Since it is always available an HTTPSession is always created if one
> is not available. We have gotten around this by having a session
> listener and cleaning up a session using it.
That seems like an awful waste of effort :(
This does bring up a good point, though, which is the use of an
HttpSessionListener to observe "session creation" events. You can
generate a stack trace when a session is created to find out when and
where they are being created. As you find places where sessions are
being created, you can modify your code or your configuration to avoid
that session creation.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGg9hB9CaO5/Lv0PARAgG0AJsHWMf0Iv4vs5xZPVCYdgF+sHo3CgCgv1Ij
iuynvwsBxYcJcaqvuhh1P28=
=S8L3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: Is there any way to avoid session being created
Posted by "Fogleson, Allen" <al...@daugherty.com>.
I assume you are using JSP? If so... well no there is not. JSP by
default has a contract that a session is always available to it. Since
it is always available an HTTPSession is always created if one is not
available. We have gotten around this by having a session listener and
cleaning up a session using it.
Al
-----Original Message-----
From: Phil Sladen [mailto:phil_struts2@yahoo.co.uk]
Sent: Thursday, June 28, 2007 10:13 AM
To: user@struts.apache.org
Subject: Is there any way to avoid session being created
My code does not call request.getSession(true) or request.getSession()
but struts still creates a session for me. I only want to create a
session for a logged in user. Can this behaviour be avoided? Thanks.
---------------------------------
Yahoo! Mail is the world's favourite email. Don't settle for less, sign
up for your freeaccount today.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org