Preventing tomcat to create sessions

Discussion in 'Java' started by youssef.mohammed@gmail.com, May 14, 2008.

  1. Guest

    Hi;
    I am writing set of REST services for some Flash clients, flash
    doesn't send cookies and we don't want to user URL rewriting for most
    of the services (they are just stateless).
    The issue is when the client calls http://localhost/services/resource
    say n times ... the application server/servlet container creates n
    sessions !
    How do i prevent that from happening ?
    , May 14, 2008
    #1
    1. Advertising

  2. Dave Miller Guest

    wrote:
    > Hi;
    > I am writing set of REST services for some Flash clients, flash
    > doesn't send cookies and we don't want to user URL rewriting for most
    > of the services (they are just stateless).
    > The issue is when the client calls http://localhost/services/resource
    > say n times ... the application server/servlet container creates n
    > sessions !
    > How do i prevent that from happening ?
    >

    HttpSession getSession(false);

    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
    Dave Miller, May 14, 2008
    #2
    1. Advertising

  3. Arne Vajhøj Guest

    wrote:
    > I am writing set of REST services for some Flash clients, flash
    > doesn't send cookies and we don't want to user URL rewriting for most
    > of the services (they are just stateless).
    > The issue is when the client calls http://localhost/services/resource
    > say n times ... the application server/servlet container creates n
    > sessions !
    > How do i prevent that from happening ?


    Servlets does not create sessions by default. JSP Pages
    does, but I doubt that your REST service is a JSP page.

    What REST framework are you using to create the service ?

    (it should not create a session, because session is against
    the core idea in REST)

    Arne
    Arne Vajhøj, May 15, 2008
    #3
  4. Guest

    On May 15, 3:02 am, Arne Vajhøj <> wrote:
    > wrote:
    > >   I am writing set of REST services for some Flash clients, flash
    > > doesn't send cookies and we don't want to user URL rewriting for most
    > > of the services (they are just stateless).
    > > The issue is when the client calls  http://localhost/services/resource
    > > say n times ...  the application server/servlet container creates n
    > > sessions !
    > > How do i prevent that from happening ?

    >
    > Servlets does not create sessions by default. JSP Pages
    > does, but I doubt that your REST service is a JSP page.
    >
    > What REST framework are you using to create the service ?


    I I have built few simple classes based on pure servlet. but i am
    using spring framework as IoC container.

    >
    > (it should not create a session, because session is against
    > the core idea in REST)


    What if these services need to be authenticated. then we have do a
    service to authenticate keep the user in the session, and get that
    user everytime other authenticated service is invoked, right ?

    >
    > Arne
    , Jun 25, 2008
    #4
  5. Arne Vajhøj Guest

    wrote:
    > On May 15, 3:02 am, Arne Vajhøj <> wrote:
    >> wrote:
    >>> I am writing set of REST services for some Flash clients, flash
    >>> doesn't send cookies and we don't want to user URL rewriting for most
    >>> of the services (they are just stateless).
    >>> The issue is when the client calls http://localhost/services/resource
    >>> say n times ... the application server/servlet container creates n
    >>> sessions !
    >>> How do i prevent that from happening ?

    >> Servlets does not create sessions by default. JSP Pages
    >> does, but I doubt that your REST service is a JSP page.
    >>
    >> What REST framework are you using to create the service ?

    >
    > I I have built few simple classes based on pure servlet. but i am
    > using spring framework as IoC container.


    There are dedicated frameworks available like:
    http://www.restlet.org/

    >> (it should not create a session, because session is against
    >> the core idea in REST)

    >
    > What if these services need to be authenticated. then we have do a
    > service to authenticate keep the user in the session, and get that
    > user everytime other authenticated service is invoked, right ?


    REST is intended to be stateless. A session means state.

    The REST ways to do it are:
    - BASIC or DIGEST authentication
    - SSL client certificate
    - custom HTTP header

    Arne
    Arne Vajhøj, Jun 26, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,358
    Luther Miller
    Aug 8, 2003
  2. Daniel Schneller

    [Q] Tomcat sessions

    Daniel Schneller, Oct 10, 2003, in forum: Java
    Replies:
    4
    Views:
    2,894
    Daniel Schneller
    Oct 13, 2003
  3. michel carriere
    Replies:
    2
    Views:
    901
    michel carriere
    Dec 18, 2003
  4. scottymo
    Replies:
    3
    Views:
    693
    Dominick Baier
    Sep 30, 2006
  5. Bookham Measures

    Moving from ASP Sessions to Database Sessions

    Bookham Measures, Jul 23, 2007, in forum: ASP General
    Replies:
    19
    Views:
    560
    Bookham Measures
    Aug 23, 2007
Loading...

Share This Page