struts icon indicating copy to clipboard operation
struts copied to clipboard
verified publisher icon apache

Taking action invocation out of synchronized block on TokenSessionStoreInterceptor to reduce contention on the session id

Open lunalisk opened this issue 6 years ago • 3 comments

We recently ran into an issue with the TokenSessionStoreInterceptor due to it's synchronized block holding until the action invocation returns.

If a different action requires to check something related with the same session key, then this action must wait until the Interceptor releases the lock.

We believe the invocation should not be part of the synchronized block

lunalisk avatar Mar 01 '19 16:03 lunalisk

Hello @lunalisk .

It might not be safe to move the invocation outside of the synchronized block within the interceptor. The change in this PR appears to allow for potential concurrent/duplicate submits from the form with the valid token component.

The API docs say the token-mechanism ensures one-request-per-token, but someone from the Apache Struts Team will have to evaluate this PR and comment further.

A more complex solution separating the session-related synchronization and the token-related synchronization might be needed to achieve your desired result. We'll see what they say. :)

JCgH4164838Gh792C124B5 avatar Mar 02 '19 22:03 JCgH4164838Gh792C124B5

Coverage Status

Coverage increased (+0.0009%) to 48.396% when pulling 18dc30b73c726e2a47e32fe5afc3e0c00b933c95 on lunalisk:reduce-contention-tokenSessionStoreInterceptor into ce4f192676aeb433f8aa020977b62cda0fedf27b on apache:master.

coveralls avatar Mar 04 '19 06:03 coveralls

These are historical backgrounds to study for who would cracking at this PR:

yasserzamani avatar Mar 11 '19 13:03 yasserzamani