2015-07-10 20:37 GMT+02:00 rgm <str...@rgm.nu>: > Using Struts 2.3.20.1. > > We have a long-running token-protected (for CSRF) action that can take up > to about 30 seconds sometimes. When this action is running on behalf of > "Alice", the "List Users" page for all other people on the system such as > Bob and Charlie is hung, because the List Users page is trying to show > whether or not "Alice" is logged in by accessing properties of her HTTP > session. > > Is it necessary for TokenInterceptor to hold onto the session lock for the > entire action invocation?
It is. It's the only way to be sure that we do not have duplicated submits for the same token Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
