2015-07-10 20:37 GMT+02:00 rgm <str...@rgm.nu>:
> Using Struts
> We have a long-running token-protected (for CSRF) action that can take up
> to about 30 seconds sometimes.  When this action is running on behalf of
> "Alice", the "List Users" page for all other people on the system such as
> Bob and Charlie is hung, because the List Users page is trying to show
> whether or not "Alice" is logged in by accessing properties of her HTTP
> session.
> Is it necessary for TokenInterceptor to hold onto the session lock for the
> entire action invocation?

It is. It's the only way to be sure that we do not have duplicated
submits for the same token.

+ 48 606 323 122 http://www.lenart.org.pl/
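
The behaviour discussed in this thread, as an added example that is not part of either message and is not Struts code: a plain-Java simulation in which the token is validated and consumed and the slow action then runs, all under one lock on the session object. The names `TokenLockDemo`, `session` and `handleSubmit`, and the assumption that the third-party reader synchronizes on the same session object, are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration: plain Java stand-ins, not Struts classes.
public class TokenLockDemo {
    // Hypothetical stand-in for one user's HTTP session attributes.
    static final Map<String, Object> session = new HashMap<>();
    static final AtomicInteger accepted = new AtomicInteger();

    // Validate and consume the token, then run the action, all under the session lock.
    static boolean handleSubmit(String token, long actionMillis) throws InterruptedException {
        synchronized (session) {
            if (!token.equals(session.get("token"))) {
                return false;               // token already consumed: duplicate submit
            }
            session.remove("token");        // consume before the action runs
            Thread.sleep(actionMillis);     // constructed stand-in for the slow action
            accepted.incrementAndGet();
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        session.put("token", "T1");         // constructed sample token
        ExecutorService pool = Executors.newFixedThreadPool(3);
        // Two concurrent submits carrying the same token (a double click).
        Future<Boolean> a = pool.submit(() -> handleSubmit("T1", 500));
        Future<Boolean> b = pool.submit(() -> handleSubmit("T1", 500));
        Thread.sleep(100);                  // let one submit take the lock first
        // Assumption: another request reads this session under the same lock.
        long start = System.nanoTime();
        Future<Object> reader = pool.submit(() -> {
            synchronized (session) { return session.get("user"); }
        });
        reader.get();
        long waitedMs = (System.nanoTime() - start) / 1_000_000;
        a.get();
        b.get();
        pool.shutdown();
        // Exactly one submit passes the token check; the reader is held up meanwhile.
        System.out.println("accepted submits: " + accepted.get());
        System.out.println("reader waited about " + waitedMs + " ms");
    }
}
```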
