Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-33

avoid needlessly creating sessions

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • None
    • None
    • true

      seraph (not sure about the version. this is with JIRA 2.5.2) always creates a session, even when this isn't necessary.

      I've got a page that I've added to a JIRA install. this page doesn't require any special permissions or roles. I expect this
      page to get lots of hits, and I further expect it to change fairly infrequently, making it a perfect candidate for caching.
      I'm also using resin, which has some nice caching features built in. However, any request that acquires a session is
      considered by resin to be uncacheable, so this nice plan falls apart.

      the basic problem is that seraph's SecurityFilter calls getUser() on a DefaultAuthenticator. there are several calls to
      request.getSession(), which creates a session if one didn't previously exist.

      better would be to be a little more careful, and use getSession(false) in the cases where you don't absolutely need to
      create a session. at some point, for some pages, you'll need to create a session (to store the saved URL, for example)
      but for other pages there's never any use for the session, so one shouldn't be created.

              Unassigned Unassigned
              28a9e6a89167 joe dane
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                12 years, 44 weeks, 3 days ago