HTTP Stateless Session help you to build stateless web application base on Java.
Stateless Session compliable with HttpSession.
What are the benefits of a stateless web application?
- Reduces memory usage.
- Easier to support server farms.
- Reduce session expiration problems.
Reference: [http://stackoverflow.com/questions/5539823/what-are-the-benefits-of-a-stateless-web-application] (http://stackoverflow.com/questions/5539823/what-are-the-benefits-of-a-stateless-web-application)
- Data total size cannot over 4KB, because all session data is storded in cookie.
- Data type must be String.
- commons-codec 1.7 or above
- gson 2.2.2 or above
<dependency>
<groupId>com.ctlok</groupId>
<artifactId>stateless-http-session</artifactId>
<version>1.2.4</version>
</dependency>
<filter>
<filter-name>statelessSessionFilter</filter-name>
<filter-class>com.ctlok.web.session.StatelessSessionFilter</filter-class>
<init-param>
<param-name>HMAC_SHA1_KEY</param-name>
<param-value>aDg3uE6t8X57bnFwcqRql8tvd</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>statelessSessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
HMAC_SHA1_KEY is a mandatory field for check session data is it modified.
If session data was modified by client, all session data will destroy and create a new session.
ENCRYPTION_SECRET_KEYis a secret key to encrypt session data. By default, session data is not encrypted.ENCRYPTION_IMPL_CLASSis a class name implementedcom.ctlok.web.session.crypto.Encryptor. Default:com.ctlok.web.session.crypto.AesEncryptor.SESSION_NAMEis a session cookie name. Default:SESSION.SESSION_MAX_AGEis a session cookie max age. Default:-1expire when browser closed.SESSION_PATHis a session cookie path on current domain. Default:/.SESSION_DOMAINis a session cookie domain. Default is null.
HttpSession session = request.getSession(true);
session.setAttribute("user", "lawrence");
session.getAttribute("user");