Disable session scope or immediately timeout sessions hitting API calls

Description

I noticed while testing the ForgeBox API that every request creates a new ColdFusion sessions which makes perfect sense. To reduce wasted memory, the ForgeBox site should not keep any session data alive if the request is hitting a page that starts with /api. A process making thousands of API calls would be creating thousands of sessions. Ideally, the session scope doesn't even need to be enabled for API calls, but I'm not sure if the site will error without the session scope.

Fixed

Assignee

Unassigned

Reporter

Brad Wood

Labels

None

Components

Fix versions

Affects versions

None

Priority

Major
Configure