There are a couple of issues to consider here, firstly the one that
the spec currently takes care of; that is serialization of requests
delivered to a particular instance of a JSP, this is handled by the
<%@ page ... isthreadsafe="true|false" %> (which effective maps to
javax.servlet.SingleThreadModel). If it is "false" (implements
SimgleThreadModel) then individual requests dispatched to the
implementing
instance are serialized, if "true" then they may be dispatched
simultaneously.
(Note that a runtime is not required to maintain only a single instance
of
a given Servlet/JSP implementation, it may pool multiple instances and
multiplex dispatches of simultaneous requests between these
instances).
The other issue, and the one that neither Servlet or JSP deals with is
serialization of requests within the same "session".
Let's first establish some facts; the Servlet API does not make any
gaurantees about:
1) the thread safety of the HttpSession object
2) the preservation of object identity of the HttpSession object
between
multiple request dispatches.
Furthermore, in many/most interactions between clients and servers,
multiple
HTTP requests are typically made simultaneously to parallelise the
download
and in some cases better utilize the connection bandwidth ... (let's
not
rathole on this assertion, it's not relevant to this discussion).
Therefore
we should avoid serialization of requests in the same sesssion to
obtain
maximum parallelization (that's what I believe at least).
The main issue for the programmer/pape author to deal with is
synchronized
access to shared state, that is objects shared via the
HttpSession.putValue()
and getValue() API's, or and I *do not* recommend this, via
public/package
scoped static class fields.
In an environment where multiple Servlets/JSP in the same session are
sharing
mutable object state via the HttpSession, the mutable state must be
synchronized
in order to avoid unpredictable behavior, the easiest way to achieve
this is
to synchronize the getters/setters on the shared methods ...
Note that you *cannot* safely use the HttpSession object you obtain
from the
HttpServletRequest.getSession() to synchronize requests in the same
session
as there is no gaurantee that this is the same object shared by other
Servlets/
JSP's in the same session (esepcially when distributed across multiple
JVM's).
Although I agree that some of these synhronization issues may expose
themselves
to a page level author, many of them can be dealt with by the
(hopefully) more
sophisticated component developer. The solution is *not* to implement
any Servlet
level session synchronization, as this has huge performance issues ...
Rgds
- Larry Cable
begin:vcard
n:Cable;Laurence
x-mozilla-html:TRUE
(MS: UCUP02-201), 901 San Antonio Road,;Palo Alto;CA;94303;USA
org:Java Software
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Staff Engineer
tel;fax:408-863-3195
tel;work:408-343-1776
adr;quoted-printable:;;Sun Microsystems Inc.,=0D=0A=
x-mozilla-cpt:;0
fn:Laurence Cable
end:vcard
