Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-15024

Do Not Use HTTP Session for Anonymous Users

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Confluence right now automatically starts an http session for every user, even when the user is an anonymous:

      Set-Cookie	JSESSIONID=1229FBF0BD48428674BD67237ACCEBF6; Path=/

      This is:

      • not necessary
      • consumes some server side resources
      • complicates front-end caching strategies

      For us the last one is the most significant. If we put an http accelerator like Varnish in front of confluence and let it handle all the anonymous requests, for security reasons we need to strip all the cached responses of the session information. This however means that every time varnish experiences a cache miss, it will go to the backend with a request that confluence will create a new session for. This way confluence can easily force the container to create thousands of http sessions that will never be used again.

      Attachments

        Issue Links

          relates to

          Suggestion - CONFCLOUD-15024 Do Not Use HTTP Session for Anonymous Users

          • Closed

          Activity

            People

              Unassigned Unassigned
              15d9a6950818 Igor Minar
              Votes:
              8 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: