Hi Isomorphic,
our application works in serveral modes:
The other more automated types of accessing the system are request scoped and perhaps store information the ServletRequest, but not in a session.
Additionally EAI tools typically don't support sessions anyway, as this contradicts the REST-statelessness.
It seems though that you unintentionally create sessions as well for every DSRequest. This in turn results in the fact that all our API requests, which use DSRequests via RESTHandler also create a session.
Please have a look at DSRequest.trackTimings():
Here it is clearly wrong.
This also affects other parts of the framework:
These are the framework methods that call getSession() (without am explicit false-parameter. This also applies to getSession(true) calls):
Here you should be using HttpServletRequest.getSession(false) everywhere IMHO.
Can you have a look please and fix this if you agree.
Thank you & Best regards
Blama
our application works in serveral modes:
- Normal Login
- Cron Job or Quartz triggered jobs
- API access
The other more automated types of accessing the system are request scoped and perhaps store information the ServletRequest, but not in a session.
Additionally EAI tools typically don't support sessions anyway, as this contradicts the REST-statelessness.
It seems though that you unintentionally create sessions as well for every DSRequest. This in turn results in the fact that all our API requests, which use DSRequests via RESTHandler also create a session.
Please have a look at DSRequest.trackTimings():
Here it is clearly wrong.
This also affects other parts of the framework:
These are the framework methods that call getSession() (without am explicit false-parameter. This also applies to getSession(true) calls):
Here you should be using HttpServletRequest.getSession(false) everywhere IMHO.
Can you have a look please and fix this if you agree.
Thank you & Best regards
Blama
Comment