Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Preventing tomcat to create sessions

Reply
Thread Tools

Preventing tomcat to create sessions

 
 
youssef.mohammed@gmail.com
Guest
Posts: n/a
 
      05-14-2008
Hi;
I am writing set of REST services for some Flash clients, flash
doesn't send cookies and we don't want to user URL rewriting for most
of the services (they are just stateless).
The issue is when the client calls http://localhost/services/resource
say n times ... the application server/servlet container creates n
sessions !
How do i prevent that from happening ?

 
Reply With Quote
 
 
 
 
Dave Miller
Guest
Posts: n/a
 
      05-14-2008
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Hi;
> I am writing set of REST services for some Flash clients, flash
> doesn't send cookies and we don't want to user URL rewriting for most
> of the services (they are just stateless).
> The issue is when the client calls http://localhost/services/resource
> say n times ... the application server/servlet container creates n
> sessions !
> How do i prevent that from happening ?
>

HttpSession getSession(false);

--
Dave Miller
Java Web Hosting at:
http://www.cheap-jsp-hosting.com/
 
Reply With Quote
 
 
 
 
Arne Vajh°j
Guest
Posts: n/a
 
      05-15-2008
(E-Mail Removed) wrote:
> I am writing set of REST services for some Flash clients, flash
> doesn't send cookies and we don't want to user URL rewriting for most
> of the services (they are just stateless).
> The issue is when the client calls http://localhost/services/resource
> say n times ... the application server/servlet container creates n
> sessions !
> How do i prevent that from happening ?


Servlets does not create sessions by default. JSP Pages
does, but I doubt that your REST service is a JSP page.

What REST framework are you using to create the service ?

(it should not create a session, because session is against
the core idea in REST)

Arne
 
Reply With Quote
 
youssef.mohammed@gmail.com
Guest
Posts: n/a
 
      06-25-2008
On May 15, 3:02*am, Arne Vajh°j <(E-Mail Removed)> wrote:
> (E-Mail Removed) wrote:
> > * I am writing set of REST services for some Flash clients, flash
> > doesn't send cookies and we don't want to user URL rewriting for most
> > of the services (they are just stateless).
> > The issue is when the client calls *http://localhost/services/resource
> > say n times ... *the application server/servlet container creates n
> > sessions !
> > How do i prevent that from happening ?

>
> Servlets does not create sessions by default. JSP Pages
> does, but I doubt that your REST service is a JSP page.
>
> What REST framework are you using to create the service ?


I I have built few simple classes based on pure servlet. but i am
using spring framework as IoC container.

>
> (it should not create a session, because session is against
> the core idea in REST)


What if these services need to be authenticated. then we have do a
service to authenticate keep the user in the session, and get that
user everytime other authenticated service is invoked, right ?

>
> Arne


 
Reply With Quote
 
Arne Vajh°j
Guest
Posts: n/a
 
      06-26-2008
(E-Mail Removed) wrote:
> On May 15, 3:02 am, Arne Vajh°j <(E-Mail Removed)> wrote:
>> (E-Mail Removed) wrote:
>>> I am writing set of REST services for some Flash clients, flash
>>> doesn't send cookies and we don't want to user URL rewriting for most
>>> of the services (they are just stateless).
>>> The issue is when the client calls http://localhost/services/resource
>>> say n times ... the application server/servlet container creates n
>>> sessions !
>>> How do i prevent that from happening ?

>> Servlets does not create sessions by default. JSP Pages
>> does, but I doubt that your REST service is a JSP page.
>>
>> What REST framework are you using to create the service ?

>
> I I have built few simple classes based on pure servlet. but i am
> using spring framework as IoC container.


There are dedicated frameworks available like:
http://www.restlet.org/

>> (it should not create a session, because session is against
>> the core idea in REST)

>
> What if these services need to be authenticated. then we have do a
> service to authenticate keep the user in the session, and get that
> user everytime other authenticated service is invoked, right ?


REST is intended to be stateless. A session means state.

The REST ways to do it are:
- BASIC or DIGEST authentication
- SSL client certificate
- custom HTTP header

Arne
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving from ASP Sessions to Database Sessions Bookham Measures ASP General 19 08-23-2007 03:51 PM
Cookieless Sessions (Sessions Without Cookies) and Security scottymo ASP .Net Security 3 09-29-2006 11:00 PM
two simultaneous tomcat sessions for the same user michel carriere Java 2 12-18-2003 05:07 AM
[Q] Tomcat sessions Daniel Schneller Java 4 10-13-2003 07:36 AM
Re: Relationship between IIS Sessions and ASP.NET Sessions? Ken Cox [Microsoft MVP] ASP .Net 1 08-08-2003 03:22 PM



Advertisments