0

I would like to totally disable session creation and management in my web app to eradicate the memory (and other resource) usage currently associated with Tomcat's standard session manager. This includes disabling sesison cookies and/or url rewriting as, if I'm succesful, there will be no sessions to track.

My web application has a single servlet that passes the xml it receives to an API/engine. This engine can run inside or outside a servlet container and it creates, tracks and manages sessions in its own way. I have zero need for the sessions in Tomcat and I'd like to reduce to the barest minimum the resources Tomcat uses for session management.

I ran some searches on the topic. The searches came up with some topics, including some on this website. It appears that the tightest way to address this issue is to create your own Manager implementation that, bascially, provides an 'empty' implementation that does the barest minimum. (There were some alternative suggestions but I found them to be relatively weak. These suggestions included "just don't call getSession()", and "set the 'cookies' attribute of a context to false". I think implementing a session manager that does what I want is better than these suggestions and it is the path I have elected to go down.)

Given this information, that rolling your own session manager is a good way to go, I then downloaded the Tomcat source code to take a look at code related to a Manager implementation. It all looks doable but it looks like a few hours work for me to come up with my attempt at a sesssion manager. Before committing to that path and the work involved, I thought I'd put it out there - Does anyone have a minimal session manager implementation for Tomcat they can share? One that does nothing would be best, but I'll take anything including tips and battle stories from anyone who has written their own session manager. I am working with Tomcat 6.

Tomasz Nurkiewicz
  • 334,321
  • 69
  • 703
  • 674
user1806029
  • 101
  • 1
  • 5
  • I argue that "*just don't call `getSession()`*" is a good approach. Servlet container won't create any sessions if not asked to do so (remember about JSPs though). Also no-op session manager might break some existing code (but not necessarily your application) – Tomasz Nurkiewicz Nov 18 '12 at 12:07
  • So you prefer that the app calls getSession(), which will create no session, instead of not calling getSession(). Why? – Assen Kolov Nov 18 '12 at 12:07
  • Aren't there any alternatives to tomcat then? It sounds like you have a very basic application, so a more basic servlet container could suit your needs better than an intentionally crippled tomcat. – kapex Nov 18 '12 at 12:08
  • Ah yes. The "why do you want to do it like this instead of that" brigade lol. I could have posted that I was going with one of the other suggestions and I would still have had responses asking "why don't you just create your own Manager implementation". Thanks but no thanks guys. I'm looking for responses from individuals who have implemented a Manager for Tomcat not guys who want to tell me I'm wrong because I'm not thinking about things like them. I'm implementing a Manager, I'm interested in hearing from anyone who has done same and can possibly help me get it done quicker. Simple. – user1806029 Nov 18 '12 at 14:54

0 Answers0