3

Im currently reading Spring in Action 3rd edition, and have been experimenting with Spring MVC. Everything works well, until i tried to 'port' my example webapp to a stateless webapp.

To determine whether a session object is created, i placed a debugging servlet filter on /* URL mapping, which just print out the req.getSession(false), and continue the chain.

I tried changing all of my controllers' scope to request out naiveness, but of course, session is still created on a page/controller that binds the model to the form. I wonder how to achieve stateless Spring MVC ? Im out of luck for tutorials on this matter so far.

JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255
Bertie
  • 17,277
  • 45
  • 129
  • 182
  • 1
    Why does it matter? If nothing is stored in the session there's little or no state that actually matters. Are you trying to solve a specific issue? – Dave Newton Jan 01 '12 at 17:45
  • @Dave Newton: No, it's not a specific issue. Im just curious around the idea of how to make the simple example from the book to be totally stateless, which i read can be easier clustered. – Bertie Jan 02 '12 at 02:17
  • 1
    If there's nothing in session, then replication doesn't matter, except for a minor (likely very) performance hit. It's a rare app that is totally stateless, though, in my experience. – Dave Newton Jan 02 '12 at 02:21
  • @Dave Newton: I think i get your points now. Thanks ! – Bertie Jan 02 '12 at 02:50

2 Answers2

4

Make sure to have all the JSPs use

<%@page session="false" %>

else a session will be created as soon as a JSP is executed.

JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255
  • It's stated in here also : http://static.springsource.org/spring-security/site/faq.html#faq-unwanted-session-creation – Bertie Jan 02 '12 at 06:18
1

Accidental session creation is one of the most common sources of invalid bug reports in Spring Security (hence the FAQ you linked to in your comment above).

Spring Security's debugging filter can be useful if you're having issues with session creation. It will automatically log a message when a session is created, with a stacktrace inidicating where it happened. It also provides other useful information with more human-readable output that standard log entries, so is useful in a development environment. If you're using Spring Security's namespace support, you just need to add the element

<debug />

to your configuration.

Shaun the Sheep
  • 22,353
  • 1
  • 72
  • 100