Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-2324

RESTEasy client should disable Apache Http Client cookie management feature by default

    Details

      Description

      All RESTEasy client instances provide support for cookie management as a browser would do.

      To my opinion there are few problems with enabling this by default:

      • JAX-RS is used to build stateless application, so it's a bit weird to have cookie state management enabled by default
      • Since Clients are heavy weight objetcs, for performance reasons, JAX-RS advises us to create as little as possible and instead reuse them.
        So if I create a single Client instance in my server application and if I reuse it for all users connected to my application to make request to any other API sending cookies, then:
      • 1st unexpected point: cookies will be stored in my server through the client
      • second one, all users will share the same cookies.
        This behavior can be confusing for user since it is RESTEasy specific and not mentionned in JAX-RS spec.

      So even if cookie management is a nice feature, for all previous reasons I propose to disable it by default and let user choose if he wants it to be enabled or not.

      WDYT ?

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                asoldano Alessio Soldano
                Reporter:
                nicolas.n Nicolas NESMON
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: