Reputation: 22923
How do I avoid creating a session?
My setup is as follows
- A main application servlet accessible under /myApp/mainServlet/
- A little "hand made" soap proxy that adds security headers (usernames, passwords) to soap calls coming from a client
- A Flex client that talks to the main servlet (through a BlazeDS interface), and sends some soap calls to a third party through this soap proxy
The flex client has a session id which is set when it first talks to the main servlet and it returns a HTTP header such as "Set-Cookie: "JSESSION: something; Path=/myApp". This cookie is then sent the the server to inform of which session the client is associated to.
The problem is that the little soap proxy also returns a cookie with a session id (for each call made through it) - and the Flex client then uses these cookies when talking to the main servlet. These other session ids are unknown to it, and then of course nothing works ...
I do not want a session cookie to be returned from the soap proxy, and I have verified that the problem would be solved by doing so by telling an Apache front-end to strip all "Set-Cookie" headers coming from the soap proxy. Unfortunately (due to some setup restrictions), this is not a way I can go in production, and so I will need to fix it programmatically.
How can I make the servlet not try to set any session ids? I believe I have seen ways of telling Jetty (the app server) not to send sessions ids, but that would also affect the main servlet's ability to do so as well, and is also not portable.
The proxy servlet is a very basic Spring Controller (just implementing the interface), so basically just a bare bone servlet.
Upvotes: 1
Views: 1835
Answers (1)
Reputation: 5836
Removing the cookie can be done with res.setHeader("Set-Cookie", null);
Edit: It is good to know, that this removes all cookies, since they are all set in the same header.
I recommend that you don't do it in your servlet, a Filter is better, because it's less intrusive, something like:
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
HttpServletResponse res = (HttpServletResponse) response;
try
{
chain.doFilter(request, res);
}
finally
{
res.setHeader("Set-Cookie", null);
}
}
This solution is inspired by this article at randomcoder.
Upvotes: 3
Related Questions
- How to proved session in java using Flex with Blazeds?
- Keeping Java Server Session Live in Flex
- session management without cookies
- how to continue the session from the client side using FLEX
- Flex session parameters in Remote Object BlazeDS
- How can I run Flex/BlazeDS without dropping a JSessionId cookie?
- Duplicate Flex Sessions With Cross-Domain Requests
- Connecting non-flex client to server running blazeDS
- How do I do sessions with a Flash client?
- Login using Flex and PHP but how to handle session