Creating Stateless Apps
Creating Stateless Apps
The HttpSession object can easily be over used and used incorrectly by frameworks and developers to store state in your application. This can lead to memory issues and larger footprints on your application server. To become more stateless with your application you should remove calls to the HttpSession object.
ICS Stack Web Spring
The Church Java Stack provides 2 filters to help you accomplish this. They are:
The SessionUseWarningFilter will simply log an error and a stack trace to the log output but continue to work normally. This will help you find out how many calls or ties to the HttpSession your application may have without actually breaking your application.
The SessionlessFilter will throw an Exception if the HttpSession is accessed and cause your application to fail. This will completely prevent the HttpSession from being used and remove all state from that portion of your application. This filter should probably only be used if you have already used the SessionUseWarningFilter and are pretty sure you have most calls to HttpSession removed.
Enabling the Filters
To use one of these filters in your application simply add a filter and mapping to your web.xml file.
Removing Session use in Spring Security
You can remove HttpSession use in the Spring Security framework by using the create-session="stateless" attribute in your applicationContext.xml file.
Removing Session use in JSP Pages
JSP Pages by default will check session use and needs. You can remove JSP dependencies on the HttpSession by putting the following in your JSP pages as a page directive.
Session Dependencies with the Spring Flash Attributes
If your application is using Spring redirect attribute scope to handle 1 time display or other needs you may run into HttpSession issues depending on how you are using the redirect attributes. If you are using the Flash aspect of it Spring stores that information in the HttpSession and then cleans it up afterwards. This will cause problems if you enable the SessionlessFilter. There is an alternative approach though and that is using the non flash redirect attribute. This appends your info directly on the URL rather than in the session. This works well for messages and simple data needs but if you are trying to store a complex object graph on the flash scope you will probably need to use the session and flash attributes.
Change this code:
To this code to remove session dependencies