Disable HTTPSession for stateless web services

Question

I would like to know if it is possible to disable the HTTPSession for an application server handling only web services RESTful.

I don't know if there are specific application servers or servlet containers designed to handle micro RESTful web services.

I think that disabling completely the session concept will give the following advantages:

Better performances
No risk to save data in the session breaking the concept of stateless of a RESTful webservice
Less classes loaded by the classloader
No unused information is saved in the session (for example the session id, session state)
less access to synchronized blocks (I think that at least in the Session the value of lastAccessedTime is updated for every request and this should be done in a synchronized block)

If there is no application server or servlet container that can do that: Is there any other Java engine that can handle micro services without creating something similar to an HttpSession?

I edited the question adding a new request at the end. So it is not the same of the other. — Davide Lorenzo MARINO, Jan 08 '16 at 09:56
That only mangles the question by asking a secondary one which is incredibly vague and broad. — Gimby, Jan 08 '16 at 10:31
Is not so vague infact Andres answered with a possible engine to do that. — Davide Lorenzo MARINO, Jan 08 '16 at 10:32
I'm sure in due time you will see the error in that and start to actually read the things you don't want to read right now - which is the rest of the responses and the possible duplicate I flagged. — Gimby, Jan 08 '16 at 10:35

score 1 · Accepted Answer · answered Jan 08 '16 at 09:58

1

You cannot disable HttpSession on a servlet container, like Tomcat.

Maybe Play framework would be a good approach for implementing your design.

answered Jan 08 '16 at 09:58

Andres

10,561
4
45
63

Thanks I will take a look of it – Davide Lorenzo MARINO Jan 08 '16 at 09:58

cassiomolin · Answer 2 · 2016-01-08T10:40:49.210

1

You can't completely disable the HttpSession.

But you can ensure a HttpSession won't be created in your application. To do it, ensure the following methods are not being invoked (by yourself or by the frameworks you are using):

HttpServletRequest.getSession()
HttpServletRequest.getSession(boolean) with true

Microservices is an architecture design principle. If you want to use Spring, there's a guide you can follow.

edited Jan 08 '16 at 10:40

answered Jan 08 '16 at 10:00

cassiomolin

124,154
35
280
359

I called request.getSession(false) and it returns a session also if no other request has been done. – Davide Lorenzo MARINO Jan 08 '16 at 10:01
1

Then the session has been created elsewhere. Are the rest services embedded in an application that opened the session? – thst Jan 08 '16 at 10:03
1

@DavideLorenzoMARINO Have a look at the [documentation](http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html#getSession-boolean-): *If `create` is `false` and the request has no valid `HttpSession`, this method returns `null`*. So, I believe your session is being create elsewhere. Isn't your framework doing it for you? – cassiomolin Jan 08 '16 at 10:06
1

I tried again with a simpler example and the session was not created. You @Cassio are right thanks – Davide Lorenzo MARINO Jan 08 '16 at 10:34

Disable HTTPSession for stateless web services

2 Answers2

Linked