Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-27047

JIRA creates sessions for "stateless" requests

    XMLWordPrintable

Details

    Description

      This issue deals with how JIRA manages HTTP sessions for stateless requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers.

      JIRA creates a session for every request that does not already belong to a session. This creates problems on servers where the REST and SOAP APIs are used extensively.

      With the REST API we encourage people to use BASIC authentication, which is supposed to be stateless. However, we end up creating a new session for each request that is authenticated with basic. This can strain the server unnecessarily.

      See JRJC-47 for a case where this has been reported. To fix this we need to make at least the following changes:

      • JIRA should not create a new session for requests that authenticate using basic auth
      • JIRA should not create a new session for unauthenticated REST requests

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-27050 JIRA creates sessions for crawlers/bots

          • Medium - Medium priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-31322 REST session not terminated

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              lmiranda Luis Miranda (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: