struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rgm <str...@rgm.nu>
Subject TokenInterceptor locking HTTP session for entire action invocation?
Date Fri, 10 Jul 2015 17:40:10 GMT
Using Struts 2.3.20.1.

We have a long-running token-protected (for CSRF) action that can take up
to about 30 seconds sometimes.  When this action is running on behalf of
"Alice", the "List Users" page for all other people on the system such as
Bob and Charlie is hung, because the List Users page is trying to show
whether or not "Alice" is logged in by accessing properties of her HTTP
session.

Is it necessary for TokenInterceptor to hold onto the session lock for the
entire action invocation?

Sincerely,

rgm

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message