[ https://issues.apache.org/jira/browse/WW-3957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13545836#comment-13545836
]
Donat Iszak commented on WW-3957:
---------------------------------
I have found the problem and updated the description.
About the example: there is a pretty simple way to reproduce the bug, without any ajax magic.
Deploy a portlet (struts2-portlet.war will be good) to liferay (or else) .
Create a static html with a few <iframe> referencing to different struts actions (you
can copy the portlet's action urls from the browser/page source).
When you open the static html on your browser you will see that the content of the iframes
will be different than expected (maybe a few refresh needed).
> Multiple concurrent AJAX requests can collide
> ---------------------------------------------
>
> Key: WW-3957
> URL: https://issues.apache.org/jira/browse/WW-3957
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Portlet
> Affects Versions: 2.3.8
> Environment: Liferay/Tomcat
> Reporter: Donat Iszak
> Fix For: 2.3.x
>
>
> If there are multiple AJAX request in the same time (and same HTTP Session) they can
somehow overwrite the concurrent thread's data (for example the result location).
> There is no conflict when we use resource URL, but when we use the action URL the struts2
portlet plugin executes the interceptor stack twice:
> - First in Action phase: This runs normally the action, and saves the full stack and
response location to the http session. The PortletStateInterceptor saves the stack, the PortletResult
saves the location.
> - Second in Render phase: This phase restores the value stack and runs a dummy action
(DirectRenderFromEventAction) which does noting but returns the previously saved response
location from the session.
> The problem is that key for the http session objects is a constant (Location: RENDER_DIRECT_LOCATION,
Valuestack: STACK_FROM_EVENT_PHASE).
> Let's see an example, when there are two concurrent thread A,B:
> 1. A action phase (saves locationA to session(RENDER_DIRECT_LOCATION), saves stackA
to session(STACK_FROM_EVENT_PHASE))
> 2. B action phase (saves locationB to session(RENDER_DIRECT_LOCATION), saves stackB to
session(STACK_FROM_EVENT_PHASE), so it overwrites locationA, stackA!)
> 3. A render phase (loads stackB, locationB from session. Returns/forwards to locationB)
So it returns the response of the B thread too!
> 4. B render phase (loads stackB, locationB from session. Returns/forwards to locationB)
> Possible solution is to add the threadId to the session key (RENDER_DIRECT_LOCATION +
ThreadId). This could cause a massive load to the session so some clever clean up needed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|