Table of contents
- Making Web Applications Stateless
- Basic concept
- Features that depend on HTTP sessions
- How to implement the HTTP session-independent feature
- Using the local file system
- Detecting accidental creation of HTTP sessions
The HTTP session provided by the servlet API cannot be scaled out as it is because the AP server has its own state. Normally, you need to take the following measures to scale out the AP server.
- Enable sticky sessions in the load balancer
- use the session replication function of the AP server
- set the AP server’s HTTP session destination to NoSQL
1 and 2 are inferior in terms of ease of disposability, as referred to in the Twelve-Factor App, while 2 and 3 are dependent on the AP server.
Although some of the features used by Nablarch depend on HTTP sessions, they are by switching these features to HTTP session-independent ones, the The AP server can be made stateless.
The following features depend on the HTTP session by default.
You can remove dependence on HTTP sessions by configuring each function of Features that depend on HTTP sessions as follows.
Do not use the following components in thread context initialization.
Each of the following components can be substituted as implementations that do not use HTTP sessions.
If you store uploaded files and so on locally on the AP server, they will have state. In such a case, you need to prepare a shared storage space so that the AP server does not have files locally.
To prevent accidental creation of HTTP sessions due to a misconfiguration or an implementation error, a feature to detect the creation of HTTP sessions is provided. When this feature is enabled, an exception is sent when an attempt to create an HTTP session is made.
This feature can be enabled by setting the
preventSessionCreation property of the
true (disabled by default at
Specifically, the detection function can be enabled by writing the following in the configuration file that defines the components of WebFrontController.
<!-- handler queue configuration -->
<!-- Detecting accidental creation of HTTP sessions -->
<property name="preventSessionCreation" value="true" />