I can't set any session attributes, because I get a new HttpSession on every request. To validate this, I added <%=slingRequest.getSession().getId()%> to /apps/geometrixx/components/homepage/content.jsp. Now I can see the http session id on every request to http://localhost:4502/editor.html/content/geometrixx/en.html. And I can see, this Id changes for every request so it makes no sense to set any session attributes like request.getSession().setAttribute("...", "....").
Can anybody tell me, how to get a valid http session which does not change for every single request?
I know all the problems with dispatcher, sticky connections, ... But in my case the anonymous user can choose between different shops, and every single shop has different prices, different stock level, ..., but the URL of the product pages stays the same (the url does not change after you select another shop, but some values on the page must change). So I tried to save the selected shop (and also some other values the user can select) in the session. On the product page I request the non static values with an ajax request (the rest of the page can be cached in dispatcher) and in this request I read the selected values from the session. But as mentioned in the previous post I changed this behaviour and I save the selected values in a cookie now and it also works.
as has been mentioned REST principles specify each request should be stateless, which your http sessions breaks.
It should also be noted that by using an http session, you would need to maintain a sticky connection, as the session would only exist in the publish instance that created the session. You get no http session failover or replication with AEM.
Also, since you are going to the server for every request, you are bypassing dispatcher, this approach will not scale well and you would be better off trying to see if you can achieve your requirements using front end code.
It would be interesting to hear why you think you need to maintain a session, so we can see if there is an alternative.
Cases where I have see people want to maintain a session is with multi page forms, an alternative would be single page apps. Another is for commerce sessions, in this case the session is maintained in the ecommerce server and a token kept in cookie in the browser , so AEM never maintains state.