wicket/Jetty: avoid creation of new Http Sessions for liveness requests

Question

I'm developing a Wicket application (wicket 8) and for containerizing it, I'm adding a liveness endpoint like GET /probe/ which I handle in a dummy ProbeApplication (non-authenticating Application) returning an empty page. All goes OK, but for every request the Jetty framework creates a new HttpSession, returning to the first request

302 Found
Location: http://localhost:8888/probe/;jsessionid=node01t8hgfnbo8d8rgpyws9neqguv0.node0?0 

The session expiration takes hours (I want long sessions for my users), so application accumulates O(10k) empty Sessions which I'd like to avoid. Is there a way not to create a Session when handling certain type of requests and just return 200 OK?

P.S. I realized that I'm talking here not about wicket WebSession objects, but about HttpSession created by Jetty servlet container, and my application Session is also created. So the question should read like: how to invalidate Jetty HttpSession for particular endpoint at the end of request, or how to disable session tracking for it.

public class WebApplicationProbe extends WebApplication {   
@Override public Class<? extends WebPage> getHomePage() {
        return org.apache.wicket.util.tester.DummyHomePage.class;   }

@Override public final Session newSession(Request request, Response response) {
         WebSession ws = new WebSession(request) ;
         System.err.println("Created new web session");
         return ws ;     }
} 

Thanks!

Answer 1

In Jetty, the jakarta.servlet.http.HttpSession is only created if the application (or its libraries) requests a session to be created.

In other words, you have a call to either ...

• jakarta.servlet.http.HttpServletRequest.getSession(true)
• jakarta.servlet.http.HttpServletRequest.getSession()

If you change your probe to use jakarta.servlet.http.HttpServletRequest.getSession(false) then no HttpSession is created if one doesn't exist already.