Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Session Scope Masking

DZone's Guide to

Session Scope Masking

There are several reasons to override a connector's Session Handler in Mule Flow. Learn why and how to do this with this simple walkthrough.

· Integration Zone
Free Resource

Share, secure, distribute, control, and monetize your APIs with the platform built with performance, time-to-value, and growth in mind. Free 90 day trial 3Scale by Red Hat

When you declare a Session Property it will be propagated by default to other flows in the current application or a different application. This is so because the Session is serialized and added as a message attribute (named MULE_SESSION). So, if you make an HTTP outbound request, the receiver HTTP inbound will receive this property (you'll notice the MULE_SESSION HTTP header that contains the serialized session), and will make it accessible for the receiver flow.

There are at least two reasons for you to want to avoid this behavior:

  1. The first one is because you want to maintain the different processes independently, and you only want to use session scope to maintain that property reachable from the main flow itself and their sub-flows (referenced by flow-ref).

  2. The second one is for performance issues; you don't need (or want) to send the serialized session through the underlying transport in order to reduce the message size.

So if for this or any other reason you want to avoid having the session propagated through the outbound endpoint, then you need to override the connector's Session Handler, and use the NullSessionHandler.

For instance, for HTTP Transport, the connector should look like the following:

<http:connector name="httpConnector" >
<service-overrides sessionHandler="org.mule.session.NullSessionHandler"/>
</http:connector>

Even when you configure the connector to avoid sending the session as part of the message, this property could be created if there is a different outbound endpoint which connector doesn't use a NullSessionHandler.

In that case, you'll need to add a transformer that removes the MULE_SESSION outbound property from the message, so it doesn't propagate to other outbound or as part of the response to the original request.

The transformer should look like the following:

<message-properties-transformer name="removeSession">
<delete-message-property key="MULE_SESSION" />
</message-properties-transformer>

Discover how you can achielve enterpriese agility with microservices and API management

Topics:
mule flow ,integration ,mule ,scopes

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}