I would like to eliminate the HttpSession completely - can I do this in web.xml? I'm sure there are container specific ways to do it (which is what crowds the search result
I use the following method for my RESTful app to remove any inadvertent session cookies from being created and used.
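    <session-config>
        <!-- session expires after 1 minute -->
        <session-timeout>1</session-timeout>
        <cookie-config>
            <!-- ask the client to discard the session cookie immediately -->
            <max-age>0</max-age>
        </cookie-config>
    </session-config>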
However, this does not turn off HttpSessions altogether. A session may still be created by the application inadvertently, even if it disappears in a minute, and a rogue client may ignore the max-age request for the cookie as well.
The advantage of this approach is you don't need to change your application, just web.xml. I would recommend you create an HttpSessionListener that will log when a session is created or destroyed so you can track when it occurs.
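
An added example, not part of the original answer: a minimal HttpSessionListener of the kind recommended above, which logs every session creation with a stack trace so the code path calling `getSession()` can be found. The class and package names are hypothetical, it assumes the `javax.servlet` API (Servlet 3.0 or later, use `jakarta.servlet` on newer containers), and it assumes the container fires `sessionCreated` on the requesting thread.

```java
package example; // hypothetical package name

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// @WebListener registers the class without a <listener> entry in web.xml.
@WebListener
public class SessionAuditListener implements HttpSessionListener {

    private static final Logger LOG =
            Logger.getLogger(SessionAuditListener.class.getName());

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        // The attached Throwable is never thrown; it only carries the stack
        // trace, which points at the code that triggered session creation.
        LOG.log(Level.WARNING,
                "Unexpected HttpSession created: id=" + maskedId(session)
                        + ", maxInactiveInterval=" + session.getMaxInactiveInterval() + "s",
                new Throwable("session creation call site"));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        long lifetimeMs = System.currentTimeMillis() - session.getCreationTime();
        LOG.log(Level.INFO,
                "HttpSession destroyed: id=" + maskedId(session)
                        + ", lifetime=" + lifetimeMs + "ms");
    }

    // A session id is a bearer credential, so only a short prefix is logged.
    private static String maskedId(HttpSession session) {
        String id = session.getId();
        if (id == null || id.length() <= 6) {
            return "******";
        }
        return id.substring(0, 6) + "...";
    }
}
```

In a stateless REST application every WARNING line from this listener marks a request path that still touches the session API; JSPs without `session="false"` and framework code calling `request.getSession()` are common sources.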