Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-15024

Do Not Use HTTP Session for Anonymous Users

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Confluence right now automatically starts an http session for every user, even when the user is an anonymous:

      Set-Cookie	JSESSIONID=1229FBF0BD48428674BD67237ACCEBF6; Path=/

      This is:

      • not necessary
      • consumes some server side resources
      • complicates front-end caching strategies

      For us the last one is the most significant. If we put an http accelerator like Varnish in front of confluence and let it handle all the anonymous requests, for security reasons we need to strip all the cached responses of the session information. This however means that every time varnish experiences a cache miss, it will go to the backend with a request that confluence will create a new session for. This way confluence can easily force the container to create thousands of http sessions that will never be used again.

      Attachments

        Issue Links

          is related to

          Suggestion - CONFSERVER-15024 Do Not Use HTTP Session for Anonymous Users

          • Closed

          Activity

            People

              Unassigned Unassigned
              15d9a6950818 Igor Minar
              Votes:
              8 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: