Details
-
Suggestion
-
Resolution: Answered
-
None
-
None
-
confluence cluster
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
Confluence right now automatically starts an http session for every user, even when the user is an anonymous:
Set-Cookie JSESSIONID=1229FBF0BD48428674BD67237ACCEBF6; Path=/
This is:
- not necessary
- consumes some server side resources
- complicates front-end caching strategies
For us the last one is the most significant. If we put an http accelerator like Varnish in front of confluence and let it handle all the anonymous requests, for security reasons we need to strip all the cached responses of the session information. This however means that every time varnish experiences a cache miss, it will go to the backend with a request that confluence will create a new session for. This way confluence can easily force the container to create thousands of http sessions that will never be used again.
Attachments
Issue Links
- relates to
-
CONFCLOUD-15024 Do Not Use HTTP Session for Anonymous Users
- Closed