The stateless filter overrides the standard session management and stores session data outside of the J2EE server. This allows to set up load-balanced application quickly, without using session stickyness or cluster configuration. The filter supports pluggable backends. Current ones are :

Note that the session can be stored partially on each backend. For e-commerce applications, basket data can be stored in an encryted cookie with unlimited life time, while account informations are stored in memcache.

How it works


This filter is still in a beta status. Feel free to test it and report success and issues.


  • Same configuration on all J2EE servers.
  • Can use simple loadbalancers (does not require sticky sessions)
  • 1:1 scalability with cookies.
  • Reduced memory usage because no session data are stored on the server.
  • Developpers can restart server without loosing their session.
  • Help to detect clustering issues during developpment.


  • Higher CPU usage.
  • Not a standard mechanism.
  • When data are stored on the client side, there is a security issue. Always use aescookie for encryption. If your key is compromised, an attacker will be able to inject data and code within your application.
  • Same constraints than clustering : session objects must be Serializable and session#setAttributes() should be called for efficient change detection.