You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Musachy Barroso (JIRA)" <ji...@apache.org> on 2008/12/02 19:11:37 UTC
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45104#action_45104 ]
Musachy Barroso commented on WW-2902:
-------------------------------------
Yes, a new object of type SessionMap is created that wraps the HttpSession object, synchronizing on that object is useless.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.