You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Sitaram Reddy (JIRA)" <ji...@apache.org> on 2008/12/02 18:39:37 UTC
[jira] Updated: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sitaram Reddy updated WW-2902:
------------------------------
Description:
I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
Map session = ActionContext.getContext().getSession();
synchronized (session) {
if (!TokenHelper.validToken()) {
return handleInvalidToken(invocation);
}
return handleValidToken(invocation);
}
This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
was:
I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
Map session = ActionContext.getContext().getSession();
synchronized (session) {
if (!TokenHelper.validToken()) {
return handleInvalidToken(invocation);
}
return handleValidToken(invocation);
}
I found that the session Map is thread dependant and so the above block is essentially not synchronized! An previous bug WW-1786 also points out that the block is not synchronized - that fix would be redundant once this issue is resolved.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.