Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-33

avoid needlessly creating sessions



    • Improvement
    • Resolution: Unresolved
    • Medium
    • None
    • None
    • None
    • true


      seraph (not sure about the version. this is with JIRA 2.5.2) always creates a session, even when this isn't necessary.

      I've got a page that I've added to a JIRA install. this page doesn't require any special permissions or roles. I expect this
      page to get lots of hits, and I further expect it to change fairly infrequently, making it a perfect candidate for caching.
      I'm also using resin, which has some nice caching features built in. However, any request that acquires a session is
      considered by resin to be uncacheable, so this nice plan falls apart.

      the basic problem is that seraph's SecurityFilter calls getUser() on a DefaultAuthenticator. there are several calls to
      request.getSession(), which creates a session if one didn't previously exist.

      better would be to be a little more careful, and use getSession(false) in the cases where you don't absolutely need to
      create a session. at some point, for some pages, you'll need to create a session (to store the saved URL, for example)
      but for other pages there's never any use for the session, so one shouldn't be created.




            Unassigned Unassigned
            28a9e6a89167 joe dane
            1 Vote for this issue
            1 Start watching this issue


              11 years, 30 weeks, 1 day ago