Creating Stateless Apps

Creating Stateless Apps


The HttpSession object can easily be over used and used incorrectly by frameworks and developers to store state in your application. This can lead to memory issues and larger footprints on your application server. To become more stateless with your application you should remove calls to the HttpSession object.

ICS Stack Web Spring

The Church Java Stack provides 2 filters to help you accomplish this. They are:


The SessionUseWarningFilter will simply log an error and a stack trace to the log output but continue to work normally. This will help you find out how many calls or ties to the HttpSession your application may have without actually breaking your application.

The SessionlessFilter will throw an Exception if the HttpSession is accessed and cause your application to fail. This will completely prevent the HttpSession from being used and remove all state from that portion of your application. This filter should probably only be used if you have already used the SessionUseWarningFilter and are pretty sure you have most calls to HttpSession removed.

Enabling the Filters

To use one of these filters in your application simply add a filter and mapping to your web.xml file.



Removing Session use in Spring Security

You can remove HttpSession use in the Spring Security framework by using the create-session="stateless" attribute in your applicationContext.xml file.

<lds-account:wam create-session="stateless">

Removing Session use in JSP Pages

JSP Pages by default will check session use and needs. You can remove JSP dependencies on the HttpSession by putting the following in your JSP pages as a page directive.

<%@ page session="false" %>

Session Dependencies with the Spring Flash Attributes

If your application is using Spring redirect attribute scope to handle 1 time display or other needs you may run into HttpSession issues depending on how you are using the redirect attributes. If you are using the Flash aspect of it Spring stores that information in the HttpSession and then cleans it up afterwards. This will cause problems if you enable the SessionlessFilter. There is an alternative approach though and that is using the non flash redirect attribute. This appends your info directly on the URL rather than in the session. This works well for messages and simple data needs but if you are trying to store a complex object graph on the flash scope you will probably need to use the session and flash attributes.

Change this code:

redirectAttributes.addFlashAttribute("msg", "created");

To this code to remove session dependencies

redirectAttributes.addAttribute("msg", "created");

This page was last modified on 6 December 2013, at 10:56.

Note: Content found in this wiki may not always reflect official Church information. See Terms of Use.