Yesterday I recorded the problem with memory leak, which somehow is related to the HttpSessions. I believe that using a tool like a Session (which is for sure important) make us lazy.
When the system is slow, just put things on the session and everybody will be happy, but is it true? Absolutely not! Some day someone will come to your desk with a nice chart saying saying that your wonderfull application is consuming so much memory that they need to restart the server every two days.
And then what are you going to do? Once everything is binded to the session, your live will get difficult doesn't it? Well, before getting into a new project or storing your nice new object into the session take a look at subjects like REST or some frameworks like Play that avoid the use of session.
For example the framework Restlet do not supply you with any access to the session, and the Play "session" is a simple Cookie, which for sure is small enough to avoid any massive storage there.
Today I am little bit lazy, so here is a list of sites discussing it across the web (there are no state of the art, but you are all grown and can extract the best from it!):
- http://www.peej.co.uk/articles/no-sessions.html
- Web Based Session Management: Best practices in managing HTTP-based client sessions
- Common REST Mistakes
- REST and Session State
- ...