Details
-
Bug
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
1.09.00
-
None
Description
While doing some debugging today I noticed a session cookie is always created even if no session is used. This seems to be because JSPs by default create a session in case you need to use a session in a scriplet. Since IMO scriplets are a bad practice and creating sessions which are not being used a waste of server resources I propose to disable session creation from the archetype. (SW: from JR mail: "Some caching proxies do not cache pages in case a session cookie set in the response headers.")
See this nice post from 2008 about the subject.
http://www.techper.net/2008/07/21/a-jsp-file-always-creates-a-session/
You can reproduce this with the archetype.
Run the 7.9 archetype.
Use for instance curl to see the response headers of the homepage:
Before the change you would see:
$ curl -I http://localhost:8080/site/
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9709C9B84B6CC6553A276BD0E121A990; Path=/site/; HttpOnly
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 07 May 2014 13:08:34 GMT
After the change you should not see the Set-Cookie header.
Attachments
Issue Links
- causes
-
-
- Closed
-