I would like to eliminate the HttpSession completely - can I do this in web.xml? I'm sure there are container specific ways to do it (which is what crowds the search result
In Spring Security 3 with Java Config, you can use HttpSecurity.sessionManagement():
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
XML looks like this:
By the way, the difference between NEVER and STATELESS:
NEVER: Spring Security will never create an HttpSession, but will use the HttpSession if it already exists.
STATELESS: Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext.
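Both policies above describe only what Spring Security itself does, so other code in the application (a JSP, or any call to request.getSession()) can still create a session. The listener below is an added example, not part of the original answer: it logs the call stack whenever the container creates an HttpSession, so you can check whether the application is really session-free. The class name is hypothetical and the javax.servlet API (Servlet 3.0 or later) is assumed.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical class name. Registered through @WebListener (Servlet 3.0+);
// a <listener> element in web.xml works as well.
@WebListener
public class SessionCreationAuditListener implements HttpSessionListener {

    private static final Logger LOG =
            Logger.getLogger(SessionCreationAuditListener.class.getName());

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        // The Throwable is never thrown. It only captures the current stack,
        // which runs through the getSession() call that triggered creation.
        // The session id is deliberately not logged.
        LOG.log(Level.WARNING,
                "HttpSession created although the application is meant to be stateless",
                new Throwable("session creation call stack"));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Nothing to audit on destruction.
    }
}
```

If the log stays empty under a full test run, no component is creating sessions; any entry points at the code path to fix.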