Why set a JSP page session = “false” directive?

Question

I was wondering when you would want to set the following page directive in a JSP:

<%@ page session=\"false\" %>

I know that it prevents th

Answer 1

Ran into another use case in my production application, figured I'd share it here in case it helps somebody.

We have a Web UI app that protects most resources via session. However, some resources are protected by part of the web tier that sits in front of our app in our production deployment. Therefore, as far as the app is concerned, these resources are totally unprotected. Some of these "unprotected" resources are JSPs.

In the case where a user establishes a session on one of our protected resources, then makes an XHR call from the browser to one of the "unprotected" resources, we were hitting an issue where the container claims that an anonymous user is trying to access a session of user foo, thus stopping execution. Configuring the "unprotected" JSP to not use sessions got us around this problem.