Details
-
New Feature
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
0.5
-
Quasar
-
Puma Sprint 227, Puma Sprint 229, Puma Sprint 230
Description
When a request is for the Page Model API, it should never create an http session: typically the PMA request is done from XHR requests without cookies, hence creating an http session is pointless and adds many newly created http session which only get invalidated after, say 30 minutes when the http session expires.
This is very undesirable.
Therefor, start logging an ERROR in case an new http session is created while the request is for a Page Model API request. Also log the stack that created the http session
And finally, make sure to invalidate the session again since the PMA requests should not leave http sessions behind
Since this improvement is also meant for 14.2.0, we by default keep the old behavior by not logging an ERROR if http sessions are created since this might be an annoyance for existing projects that start to log errors (for example if some forge project component creates (faulty) an http session). By default for BC we have
hst.stateless.request.validation = false
The issue is related to HSTTWO-4597, since HSTTWO-4597 introduced supporting to serve the PMA preview for the channel manager over the host of the live website without http session but only a token