Sessions

The client for whom I develop Web application has given a checklist where in they say <%@ page session="false" %> should be mentioned in all JSPs. The checklist was prepared by an architect who is no more with the company.

Any idea why they prevent JSPs from participating in sessions.

It's not possible for us to know what his (the architect's) intentions were when he made this decree.

If it's in the checklist of requirements handed to you by the client, I would ask the client. If THEY don't know why and they can't reach the architect to ask him, maybe the whole architecture should be revisited.

The thought of a group of developers building an app to specs that they don't understand for a client who understands the specs even less is disconcerting at best. Somebody should understand what's being built.

==================================

That being said...

People generally use that tag to enforce a policy of "no reliance on sessions".

Not using sessions helps to control memory usage. If you put a lot of large objects in every session and you have a site with a lot of traffic, your memory usage will climb fast.

It also helps to insure that the app will work in a distributed environment without having to set up session replication.

Also, if you're not using sessions, you don't have to worry about serializing them when you reboot the server.

The architect may have come up with another way of managing state which would make JSP sessions redundent.
[ January 29, 2005: Message edited by: Ben Souther ]

Thanks Ben.
I am maintaining the Web app that is built long ago.
The checklist is to be followed when we are adding new pages as part of enhancement work. Also the application will be scrapped after an year. So the clients dont care much about that architect or architecture.

I understood your explanations except the following point.
Can you elaborate on this?

"It also helps to insure that the app will work in a distributed environment without having to set up session replication. "

I understood your explanations except the following point.
Can you elaborate on this?
"It also helps to insure that the app will work in a distributed environment without having to set up session replication. "

If an app is distributed, or spread out over multiple servers, you need to either replicate the sessions (make sure every server has an up-to-date copy of all the sessions and their nested objects), or make sure that each user is always routed to the same server that their session started on (IP Load Balancing).
If you're not using sessions, none of this is an issue. You can spread your app out over as many machines as you like. You can also start and stop any any server you like without having to worry about cutting someone's session short.
[ January 29, 2005: Message edited by: Ben Souther ]

or more likely someone in upper management at some point heard that cookies are evil and that sessions use cookies and that therefore sessions should not be used.

However weird it sounds, that's exactly how strategic decision making in many companies happens with people who have no technical knowhow whatsoever making sweeping and binding technological decisions which have often disastrous consequences.

Originally posted by Jeroen Wenting:
or more likely someone in upper management at some point heard that cookies are evil and that sessions use cookies and that therefore sessions should not be used.

However weird it sounds, that's exactly how strategic decision making in many companies happens with people who have no technical knowhow whatsoever making sweeping and binding technological decisions which have often disastrous consequences.

AKA: Pointy Haired Boss

Which is why I recommend asking why such a policy exists.
If nobody can state a valid reason for it's existance, there might not be one.

Hi there,
I use the <%@ page session="false" %> command in my .jsp files mainly to check that there is a valid session (created at the start of the users login into the system).
All the best,
Kate!!

no Kate. That line is used to ensure that the JSP doesn't use sessions.

You use
<% if (session == null){ %> <!-- code if there's no session --> <% } %>

to check if there's a session and do something if there isn't (which normally doesn't happen with JSP as the JSP engine will automatically create a session if there isn't one unless you specifically tell it not to.