[
https://issues.apache.org/jira/browse/WW-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
S. VeyriƩ updated WW-3576:
--------------------------
Description:
Searching for a bug after some stress test (Exception on "getAttribute":
already invalidated session), I reviewed SessionMap.java.
Following WW-239, SessionMap has been made thread-safe.
All methods are like this :
public void doSomething() {
if (session == null) {
return;
}
synchronized (session) {
session.doSometing();
}
}
For example:
public void invalidate() {
if (session == null) {
return;
}
synchronized (session) {
session.invalidate();
session = null;
entries = null;
}
}
IMHO this is not thread-safe. With the example of invalidate(), if there is a
context switch just before the synchronized, the nullity is no more checked. If
another invalidate() is called at least a NPE can be thrown. There are probably
other side-effects like my exception problem.
As now Struts 2 only supports Java 5+, there is two ways to fix it :
* use a double-check-locking (DCL) and set session "volatile" (easy way)
* use java.util.concurrent instead of synchronized keyword
If you agree and choose one of those fixes, I can provide a patch.
For the moment, I don't know if my bug is resolved if we directly use javax
session, without this wrapper.
was:
Searching for a bug after some stress test (Exception on "getAttribute":
already invalidated session), I reviewed SessionMap.java.
Following WW-239, SessionMap has been made thread-safe.
All methods are like this :
public void doSomething() {
if (session == null) {
return;
}
synchronized (session) {
session.doSometing();
}
}
For example:
public void invalidate() {
if (session == null) {
return;
}
synchronized (session) {
session.invalidate();
session = null;
entries = null;
}
}
IMHO this is not thread-safe. With the example of invalidate(), if there is a
context switch just before the synchronized, the nullity is no more checked. If
another invalidate() is called at least a NPE can be thrown. There are probably
other side-effects like my exception problem).
As now Struts 2 only support Java 5+, there is two ways to fix it :
* use a double-check-locking (DCL) and set session "volatile" (easy way)
* use java.util.concurrent instead of synchronized keyword
If you agree and choose one of those fixes, I can provide a patch.
For the moment, I don't know if my bug is resolved if we directly use javax
session, without this wrapper.
> SessionMap is not thread-safe
> -----------------------------
>
> Key: WW-3576
> URL: https://issues.apache.org/jira/browse/WW-3576
> Project: Struts 2
> Issue Type: Bug
> Components: Other
> Affects Versions: 2.2.1
> Reporter: S. VeyriƩ
>
> Searching for a bug after some stress test (Exception on "getAttribute":
> already invalidated session), I reviewed SessionMap.java.
> Following WW-239, SessionMap has been made thread-safe.
> All methods are like this :
> public void doSomething() {
> if (session == null) {
> return;
> }
>
> synchronized (session) {
> session.doSometing();
> }
> }
> For example:
> public void invalidate() {
> if (session == null) {
> return;
> }
>
> synchronized (session) {
> session.invalidate();
> session = null;
> entries = null;
> }
> }
> IMHO this is not thread-safe. With the example of invalidate(), if there is a
> context switch just before the synchronized, the nullity is no more checked.
> If another invalidate() is called at least a NPE can be thrown. There are
> probably other side-effects like my exception problem.
> As now Struts 2 only supports Java 5+, there is two ways to fix it :
> * use a double-check-locking (DCL) and set session "volatile" (easy way)
> * use java.util.concurrent instead of synchronized keyword
> If you agree and choose one of those fixes, I can provide a patch.
> For the moment, I don't know if my bug is resolved if we directly use javax
> session, without this wrapper.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
