[ 
https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45111#action_45111
 ] 

Sitaram Reddy commented on WW-2902:
-----------------------------------

In the above comment I said, have ActionContext.getContext().getSession() 
return an object that has SESSION scope. To be precise, what I mean is to have 
ActionContext maintain at the SESSION scope the object it stores in its context 
Map using the key "SESSION". I understand this contradicts what the javadoc for 
the class ActionContext says: The ActionContext is thread local which means 
that values stored in the ActionContext are unique per thread. I'll leave it to 
the Struts gurus to resolve the conflict as they see fit :-)


> Session token usage error: java.lang.IllegalStateException: Context has not 
> been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: WW-2902
>                 URL: https://issues.apache.org/struts/browse/WW-2902
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors
>    Affects Versions: 2.1.2
>            Reporter: Sitaram Reddy
>             Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In 
> TokenInterceptor.doIntercept(...), there is this code:
>               Map session = ActionContext.getContext().getSession();
>               synchronized (session) {
>                       if (!TokenHelper.validToken()) {
>                               return handleInvalidToken(invocation);
>                       }
>                       return handleValidToken(invocation);
>               }
> This block is essentially not synchronized! I found that the session Map is 
> not a unique object across requests within a user session - in contrast with 
> the HttpSession object provided by the Servlet API. Perhaps that should be 
> considered the real bug?  
> A previous bug WW-1786 also points out that the above block is not 
> synchronized - that fix would be redundant once this issue is resolved.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
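
The locking problem reported in this issue, reduced to a stand-alone Java program. This is an added example, not Struts code and not from the reporter: `SessionView`, `backing`, `validToken` and `accepted` are hypothetical stand-ins, and the barrier exists only to make the overlap observable. It compares a lock taken on a per-request wrapper with a lock taken on the one object shared by all requests of the session.

```java
import java.util.*;
import java.util.concurrent.*;

public class TokenLockDemo {
    // One store per user session, shared by every request (the role HttpSession plays).
    static final Map<String, Object> backing = new ConcurrentHashMap<>();

    // Hypothetical wrapper: a new instance per request, as the issue reports for the session Map.
    static final class SessionView {
        final Map<String, Object> store = backing;
    }

    // Check-then-invalidate of a one-time token, guarded by the supplied lock object.
    static boolean validToken(Object lock, String token, CyclicBarrier window) {
        synchronized (lock) {
            boolean ok = token.equals(backing.get("token"));
            // Trips only if both requests are inside the block at once; otherwise times out.
            try { window.await(200, TimeUnit.MILLISECONDS); } catch (Exception ignored) {}
            if (ok) backing.remove("token");
            return ok;
        }
    }

    // Submits the same token from two concurrent requests; returns how many were accepted.
    static int accepted(boolean perRequestLock) throws Exception {
        backing.put("token", "T1"); // constructed sample token
        CyclicBarrier window = new CyclicBarrier(2);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < 2; i++) {
            Object lock = perRequestLock ? new SessionView() : backing;
            results.add(pool.submit(() -> validToken(lock, "T1", window)));
        }
        int n = 0;
        for (Future<Boolean> f : results) if (f.get()) n++;
        pool.shutdown();
        return n;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("lock on per-request wrapper:   " + accepted(true) + " accepted");
        System.out.println("lock on shared session object: " + accepted(false) + " accepted");
    }
}
```

With the per-request lock both submissions pass the token check before either invalidates it; with the shared lock the second request sees the token already consumed.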
