struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (WW-3895) Synchronization on HttpSession object
Date Fri, 22 Aug 2014 15:26:12 GMT


ASF subversion and git services commented on WW-3895:

Commit eecd907638d223a74b91a944476c11750adac4ab in struts's branch refs/heads/develop from
[;h=eecd907 ]

WW-3895 Uses session id for synchronisation

> Synchronization on HttpSession object
> -------------------------------------
>                 Key: WW-3895
>                 URL:
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions:
>            Reporter: Patrick Cavanaugh
>             Fix For: 2.3.18
> I noticed that in the fix for WW-3865 (and in current code), synchronization
is made based on the HttpSession object.
> According to
and , HttpSession isn't guaranteed by the specification
to be the same object each time getSession() is called and so the synchronization might not
work correctly. That post suggests synchronizing on the interned session ID instead. There
are might be other places in the codebase this would have to be changed too, and not just
in the TokenSessionInterceptor discussed in WW-3865.

This message was sent by Atlassian JIRA

View raw message