This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
It is suggested in the office that session should be absolutely forbid in clustering environment. The reason is synchronization among nodes cause overhead and problem. Any argument to support this opinion?
I personally disagree. Session is for stateless server to remember who the caller is. If you need to implement a stateful application, you have to "save" the user info somewhere, either on server, or client side and pass to server every time. Yes, session migration among nodes does introduce overhead, but it doesn't get rid of this issue w/out session: how about the cost to pass user identity and authenticate/authorize user for every request? If carefully designed, we can try to reduce the footprint of the session object so that the migration session won't be too expensive. In our FLEX application, our front end team pretty much cache everything on client side (is that good?) so that only the authentication token will be saved in session.
In addition, the session migration issue has been there for a while and I believe most of the application server should have a optimized way to deal w/ it.
I may overlook some important points to discourage session. Any suggestion?