NtlmHttpFilter creates many empty sessions when the client doesn't support cookies

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

NtlmHttpFilter creates many empty sessions when the client doesn't support cookies

Dunstan Tom
Hi all
 
We've got an application with a C# .Net front end calling some Java based web services at the back end. I've been investigating putting an NTLM authentication layer in rather than our existing basic authentication system.
 
In our application, we do not pass session cookies through to the back end, the entire thing is sessionless. When I added NtlmHttpFilter in front of a small test application and pointed a web service client at it, I discovered that for each request, an extra two tomcat sessions were created. We have had issues in the past with our application creating thousands of tomcat sessions when something was unnecessarily creating sessions, so it was something I was looking for.
 
Anyway, I had a peek in NtlmHttpFilter.java and hacked a little bit, and the attached patch is the result. It stops sessions getting created unnecessarily, and my test application has gone back to happily sitting on zero sessions. From searching the mailing list archives, it appears that the current behaviour was added for the loadBalancing feature, so I've attempted to keep it going when that feature is being used (ie it should still create a session if the loadBalancing option is switched on). I haven't tested it in any scenarios other than our fairly simple one here though, so someone with more familiarity with the code may want to review it. IMO a filter should never by default force a session to be created unless you've got a pretty good reason to.
 
Cheers
 
Tom
 


************************************************************************
The information in this e-mail together with any attachments is
intended only for the person or entity to which it is addressed
and may contain confidential and/or privileged material.
Any form of review, disclosure, modification, distribution
and/or publication of this e-mail message is prohibited.
If you have received this message in error, you are asked to
inform the sender as quickly as possible and delete this message
and any copies of this message from your computer and/or your
computer system network.
************************************************************************

NtlmHttpFilter.diff (2K) Download Attachment