I have a normal website and created a folder "api". You log in and get a JWT Bearer token to access the (JSON) endpoints A, B, C, ... Nothing special so far.
But for each request to the endpoints, a new session is created, as we only get the JWT Bearer token and not the CFID/CFTOKEN for the session. So, within a short time period, the server has to handle > 3000 sessions until the timeout hits (or, as currently happens, the Java heap space runs out).
I am sure I am not the first person here with such a problem - how do you handle it?
Create an Application.cfc in the api folder and disable session management for the subfolder? Any way to merge the JWT token and the sessions?
Any other ideas?
I just put an /api folder with a separate Application.cfc with sessions turned off and just never called a session var; otherwise it shares the codebase (which takes both app types into account). We also have some flagging that flips a bit on session management.
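An Application.cfc for the /api folder in that shape, written here as an added example (not the poster's code): session and client management are off, and the Bearer token is checked once per request in onRequestStart, with the claims kept in the request scope so nothing ever touches the session scope. The HS256 signing, the shared secret, the app name and the claim names are assumptions.

```cfml
component {
    this.name = "myApiApp";            // assumption: own app name so it never shares the site's sessions
    this.sessionManagement = false;    // no session per request, no CFID/CFTOKEN cookie issued
    this.clientManagement = false;
    // Assumption: HS256 shared secret; keep it outside the webroot in a real deployment
    variables.jwtSecret = "CHANGE_ME_SECRET";

    public boolean function onRequestStart(required string targetPage) {
        var authHeader = getHttpRequestData().headers["Authorization"] ?: "";
        if (!reFindNoCase("^Bearer\s+\S+$", authHeader)) {
            return rejectRequest(401, "Missing bearer token");
        }
        var token = trim(listLast(authHeader, " "));
        var claims = verifyHs256(token);
        if (!isStruct(claims)) {
            return rejectRequest(401, "Invalid or expired token");
        }
        request.jwtClaims = claims;   // endpoints read request scope, never session scope
        return true;
    }

    // Minimal HS256 verification: returns the claims struct, or false on any failure
    private any function verifyHs256(required string token) {
        var parts = listToArray(token, ".", true);
        if (arrayLen(parts) != 3) return false;
        var expectedHex = hmac(parts[1] & "." & parts[2], variables.jwtSecret, "HMACSHA256");
        var actualHex = binaryEncode(b64urlDecode(parts[3]), "hex");
        if (compareNoCase(expectedHex, actualHex) != 0) return false;   // signature mismatch
        var claims = deserializeJSON(toString(b64urlDecode(parts[2])));
        if (structKeyExists(claims, "exp")) {   // assumption: standard "exp" claim in epoch seconds
            var expiry = dateAdd("s", claims.exp, createDateTime(1970, 1, 1, 0, 0, 0));
            if (dateCompare(dateConvert("local2utc", now()), expiry) >= 0) return false;  // expired
        }
        return claims;
    }

    // JWT segments are base64url; convert to standard base64 and re-pad before decoding
    private binary function b64urlDecode(required string s) {
        var std = replace(replace(s, "-", "+", "all"), "_", "/", "all");
        while (len(std) % 4 != 0) std &= "=";
        return binaryDecode(std, "base64");
    }

    private boolean function rejectRequest(required numeric status, required string msg) {
        cfheader(statusCode=status, statusText=msg);
        cfcontent(type="application/json", reset=true);
        writeOutput(serializeJSON({ "error": msg }));
        return false;   // stop processing the requested page
    }
}
```

Because session management is off in this application, a bad or missing token costs only the rejected request, not a server-side session that lingers until timeout.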
Oh man, now I'm going to go away and waste 3 hours on prototyping the variations... #obsessed.
So if I create a session in one client, then another client comes, there is no session until they trigger something stored in session? (So no session placeholder until then? #makessense)