struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <>
Subject Re: TokenInterceptor locking HTTP session for entire action invocation?
Date Mon, 13 Jul 2015 11:26:53 GMT
2015-07-10 20:37 GMT+02:00 rgm <>:
> Using Struts
> We have a long-running token-protected (for CSRF) action that can take up
> to about 30 seconds sometimes.  When this action is running on behalf of
> "Alice", the "List Users" page for all other people on the system such as
> Bob and Charlie is hung, because the List Users page is trying to show
> whether or not "Alice" is logged in by accessing properties of her HTTP
> session.
> Is it necessary for TokenInterceptor to hold onto the session lock for the
> entire action invocation?

It is. It's the only way to be sure that we do not have duplicated
submits for the same token

+ 48 606 323 122

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message