struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: TokenInterceptor locking HTTP session for entire action invocation?
Date Mon, 13 Jul 2015 11:26:53 GMT
2015-07-10 20:37 GMT+02:00 rgm <struts@rgm.nu>:
> Using Struts 2.3.20.1.
>
> We have a long-running token-protected (for CSRF) action that can take up
> to about 30 seconds sometimes.  When this action is running on behalf of
> "Alice", the "List Users" page for all other people on the system such as
> Bob and Charlie is hung, because the List Users page is trying to show
> whether or not "Alice" is logged in by accessing properties of her HTTP
> session.
>
> Is it necessary for TokenInterceptor to hold onto the session lock for the
> entire action invocation?

It is. It's the only way to be sure that we do not have duplicated
submits for the same token.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
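
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Struts source code: a simplified model in which the token check, the token removal and the action all run while holding a lock on the session. The class `TokenLockDemo`, its methods, the map standing in for the HTTP session, the token value and the reader that takes the same lock are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Simplified model (hypothetical names): a map stands in for the HTTP session
// and is also the lock object.
public class TokenLockDemo {
    static final Map<String, Object> session = new ConcurrentHashMap<>();
    static final AtomicInteger executed = new AtomicInteger();

    // Check the token, consume it and run the action, all under the session lock.
    static String submit(String token, long actionMillis) throws InterruptedException {
        synchronized (session) {
            if (!token.equals(session.get("token"))) {
                return "invalid.token";      // duplicate submit: token already consumed
            }
            session.remove("token");         // single use
            Thread.sleep(actionMillis);      // stands in for the long-running action
            executed.incrementAndGet();
            return "success";
        }
    }

    // A reader that takes the same lock waits until the running action finishes.
    static long readUnderLockMillis() {
        long start = System.nanoTime();
        synchronized (session) {
            session.get("user");
        }
        return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    }

    public static void main(String[] args) throws Exception {
        session.put("token", "constructed-token-123");  // constructed sample value
        session.put("user", "alice");                   // constructed sample value
        ExecutorService pool = Executors.newFixedThreadPool(3);
        // Two concurrent submits carrying the same token.
        Future<String> first = pool.submit(() -> submit("constructed-token-123", 2000));
        Future<String> second = pool.submit(() -> submit("constructed-token-123", 2000));
        Thread.sleep(200);                              // let one submit take the lock
        Future<Long> reader =
            pool.submit((Callable<Long>) TokenLockDemo::readUnderLockMillis);
        System.out.println("submit results: " + first.get() + ", " + second.get());
        System.out.println("actions executed: " + executed.get());
        System.out.println("reader waited ms: " + reader.get());
        pool.shutdown();
    }
}
```

Only one of the two submits runs the action, and the reader's wait is close to the remaining action time, which is the trade-off the question and the reply describe.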
