Guide for JCR session handling


In a J2EE environment there is usually a question how to deal with JCR sessions in respect to the http requests and/or the http sessions. basically we can distinguish 2 cases: personalized or anonymous access in respect to the jcr session. personalized means here, that a http users is mapped to a repository user (in order to enforce access control). further more it can be distinguished between read-only and read/write access. the later with an edge case where a session needs to keep the transient changes over several http requests (e.g. a JCR browser).

below some rules on how to use sessions, with the assumption that JCR sessions are not thread safe (as specified by JSR-170).

basic rules

read-only access, guest accounts

read-only access, personalized accounts

read/write access, personalized accounts

read/write access, transient mods

this is the only case where JCR sessions should be bound (but not stored in) http sessions.


JcrSessionHandling (last edited 2009-09-20 23:45:08 by localhost)