struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <>
Subject [jira] [Commented] (WW-3895) Synchronization on HttpSession object
Date Wed, 13 Aug 2014 18:54:14 GMT


Lukasz Lenart commented on WW-3895:

Looks like {{final Object lock = request.getSession().getId().intern(); }} is safe

> Synchronization on HttpSession object
> -------------------------------------
>                 Key: WW-3895
>                 URL:
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions:
>            Reporter: Patrick Cavanaugh
>             Fix For: 2.3.18
> I noticed that in the fix for WW-3865 (and in current code), synchronization
is made based on the HttpSession object.
> According to
and , HttpSession isn't guaranteed by the specification
to be the same object each time getSession() is called and so the synchronization might not
work correctly. That post suggests synchronizing on the interned session ID instead. There
are might be other places in the codebase this would have to be changed too, and not just
in the TokenSessionInterceptor discussed in WW-3865.

This message was sent by Atlassian JIRA

View raw message