Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-33

avoid needlessly creating sessions

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Medium
    • Resolution: Unresolved
    • None
    • None
    • None
    • true

    Description

      seraph (not sure about the version. this is with JIRA 2.5.2) always creates a session, even when this isn't necessary.

      I've got a page that I've added to a JIRA install. this page doesn't require any special permissions or roles. I expect this
      page to get lots of hits, and I further expect it to change fairly infrequently, making it a perfect candidate for caching.
      I'm also using resin, which has some nice caching features built in. However, any request that acquires a session is
      considered by resin to be uncacheable, so this nice plan falls apart.

      the basic problem is that seraph's SecurityFilter calls getUser() on a DefaultAuthenticator. there are several calls to
      request.getSession(), which creates a session if one didn't previously exist.

      better would be to be a little more careful, and use getSession(false) in the cases where you don't absolutely need to
      create a session. at some point, for some pages, you'll need to create a session (to store the saved URL, for example)
      but for other pages there's never any use for the session, so one shouldn't be created.

      Attachments

        Activity

          People

            Unassigned Unassigned
            28a9e6a89167 joe dane
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              10 years, 24 weeks, 4 days ago