From a client:
quick side note: currently we use tapestry-spring-security integration for web security. In case a response.sendError(..) is called during the request the spring security filter will create a HttpSession storing the current security context for that error in the http session (default spring configuration behaviour for creating a HttpSession in a error case). This behaviour (currently we rely on that) caused a serious bottleneck for anonymous users as a lot of unnecessary HttpSessions were created and it was bascially triggered through the current ResourceStreamerImpl implementation and the call response.sendError(HttpServletResponse.SC_NOT_MODIFIED, "").
I contributed my own HttpSessionWorkaroundResourceStreamerImpl implementation were I just replaced the call response.sendError(HttpServletResponse.SC_NOT_MODIFIED, "") with response.setStatus(HttpServletResponse.SC_NOT_MODIFIED) and then we made another big performance jump. So my question: Wouldn't be response.setStatus(HttpServletResponse.SC_NOT_MODIFIED) "more" correct as it isn't an error (3xx<->5xx http codes)?