Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-27047

JIRA creates sessions for "stateless" requests

XMLWordPrintable

      This issue deals with how JIRA manages HTTP sessions for stateless requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers.

      JIRA creates a session for every request that does not already belong to a session. This creates problems on servers where the REST and SOAP APIs are used extensively.

      With the REST API we encourage people to use BASIC authentication, which is supposed to be stateless. However, we end up creating a new session for each request that is authenticated with basic. This can strain the server unnecessarily.

      See JRJC-47 for a case where this has been reported. To fix this we need to make at least the following changes:

      • JIRA should not create a new session for requests that authenticate using basic auth
      • JIRA should not create a new session for unauthenticated REST requests

              Unassigned Unassigned
              lmiranda Luis Miranda (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: