top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How can we prevent implicit session creation in JSP?

+1 vote
How can we prevent implicit session creation in JSP?
posted Aug 24, 2017 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

Yes. You can.

For JSPs, by default a session is automatically created for the request if one does not exist. So if your starting page is a JSP, a session would have already been created when you get the first request.

However, sessions consume resources and if it is not necessary to maintain a session, one should not be created. For example, you have a html page uses mutilple frames and each frame connects to a JSP page, you only want one JSP to have session cross your application. You should not let other JSP page create sessions.

So if you are using a JSP as the starting point try adding this decaration to your page:

<%@ page session="false" %>

This will prevent a session from being created when a JSP is served.

From JavaServer Pages 1.2 Specification, the session indicates that the page requires participation in an (http) session. If "true" then the implicit script language variable named "session" of type javax.servlet.http.HttpSession reference the current/new session for the page. If "false" then the page does not participate in a session; the "session" implicit variable is unavailable, and any reference to it within the body of the JSP page is illegal and shall result in a fatal translation error. Default is "true".

answer Aug 31, 2017 by Manikandan J