Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 760C7EAC5 for ; Mon, 7 Jan 2013 12:16:13 +0000 (UTC) Received: (qmail 86338 invoked by uid 500); 7 Jan 2013 12:16:13 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 86138 invoked by uid 500); 7 Jan 2013 12:16:13 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 86097 invoked by uid 99); 7 Jan 2013 12:16:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Jan 2013 12:16:12 +0000 Date: Mon, 7 Jan 2013 12:16:12 +0000 (UTC) From: "Donat Iszak (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (WW-3957) Multiple concurrent AJAX requests can collide MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WW-3957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13545837#comment-13545837 ] Donat Iszak commented on WW-3957: --------------------------------- I have found this mailing list archive. It describes the same as i have found: http://mail-archives.apache.org/mod_mbox/struts-dev/201105.mbox/%3C4108A48B618D4E9AB39FCA966F9A4D56@reclaimed%3E > Multiple concurrent AJAX requests can collide > --------------------------------------------- > > Key: WW-3957 > URL: https://issues.apache.org/jira/browse/WW-3957 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Portlet > Affects Versions: 2.3.8 > Environment: Liferay/Tomcat > Reporter: Donat Iszak > Fix For: 2.3.x > > > If there are multiple AJAX request in the same time (and same HTTP Session) they can somehow overwrite the concurrent thread's data (for example the result location). > Update: > There is no conflict when we use resource URL, but when we use the action URL the struts2 portlet plugin executes the interceptor stack twice: > - First in Action phase: This runs normally the action, and saves the full stack and response location to the http session. The PortletStateInterceptor saves the stack, the PortletResult saves the location. > - Second in Render phase: This phase restores the value stack and runs a dummy action (DirectRenderFromEventAction) which does noting but returns the previously saved response location from the session. > The problem is that key for the http session objects is a constant (Location: RENDER_DIRECT_LOCATION, Valuestack: STACK_FROM_EVENT_PHASE). > Let's see an example, when there are two concurrent thread A,B: > 1. A action phase (saves locationA to session(RENDER_DIRECT_LOCATION), saves stackA to session(STACK_FROM_EVENT_PHASE)) > 2. B action phase (saves locationB to session(RENDER_DIRECT_LOCATION), saves stackB to session(STACK_FROM_EVENT_PHASE), so it overwrites locationA, stackA!) > 3. A render phase (loads stackB, locationB from session. Returns/forwards to locationB) So it returns the response of the B thread too! > 4. B render phase (loads stackB, locationB from session. Returns/forwards to locationB) > Possible solution is to add the threadId to the session key (RENDER_DIRECT_LOCATION + ThreadId). This could cause a massive load to the session so some clever clean up needed. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira