tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <christopher.d.schu...@comcast.net>
Subject Re: Form Double Submit Detection
Date Tue, 28 Oct 2003 10:56:28 GMT
Justin,

> Agreed.  One word of caution...
 >
>> We actually synchronized on the session...
> 
> You aren't guaranteed to have the same HttpSession object for every 
> request -- HttpSession is an interface which is implemented internally 
> and wrapped by a facade.  Synchronizing on the actual object you get 
> from req.getSession() can potentially leave you synchronizing on totally 
> different objects.

Oh, hey. I never really thought of that, although I kinda knew it 
without ever giving it much thought. Does that mean that you can never 
have exclusive access to your own session?

Since the VM is allowed to play memory tricks when it thinks threads 
aren't related (which you can only do using memory barriers via 
synchronization), you can never be sure that the 'session' you're 
working with is in a consistent state or even valid. That's kinda scary. 
I'm guessing that in practical terms, there's rarely any reason to think 
that they're not predictable...

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message