Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-3957

Multiple concurrent AJAX requests can collide

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.8
    • Fix Version/s: 2.5.8
    • Component/s: Plugin - Portlet
    • Labels:
      None
    • Environment:

      Liferay/Tomcat

      Description

      If there are multiple AJAX request in the same time (and same HTTP Session) they can somehow overwrite the concurrent thread's data (for example the result location).

      Update:
      There is no conflict when we use resource URL, but when we use the action URL the struts2 portlet plugin executes the interceptor stack twice:

      • First in Action phase: This runs normally the action, and saves the full stack and response location to the http session. The PortletStateInterceptor saves the stack, the PortletResult saves the location.
      • Second in Render phase: This phase restores the value stack and runs a dummy action (DirectRenderFromEventAction) which does noting but returns the previously saved response location from the session.

      The problem is that key for the http session objects is a constant (Location: RENDER_DIRECT_LOCATION, Valuestack: STACK_FROM_EVENT_PHASE).

      Let's see an example, when there are two concurrent thread A,B:
      1. A action phase (saves locationA to session(RENDER_DIRECT_LOCATION), saves stackA to session(STACK_FROM_EVENT_PHASE))
      2. B action phase (saves locationB to session(RENDER_DIRECT_LOCATION), saves stackB to session(STACK_FROM_EVENT_PHASE), so it overwrites locationA, stackA!)
      3. A render phase (loads stackB, locationB from session. Returns/forwards to locationB) So it returns the response of the B thread too!
      4. B render phase (loads stackB, locationB from session. Returns/forwards to locationB)

      Possible solution is to add the threadId to the session key (RENDER_DIRECT_LOCATION + ThreadId). This could cause a massive load to the session so some clever clean up needed.

        Issue Links

          Activity

          Hide
          lukaszlenart Lukasz Lenart added a comment -

          Could you prepare a minimal Maven based example?

          Show
          lukaszlenart Lukasz Lenart added a comment - Could you prepare a minimal Maven based example?
          Hide
          idonat Donat Iszak added a comment - - edited

          I have found the problem and updated the description.

          About the example: there is a pretty simple way to reproduce the bug, without any ajax magic.
          Deploy a portlet (struts2-portlet.war will be good) to liferay (or else) .
          Create a static html with a few <iframe> referencing to different struts actions (you can copy the portlet's action urls from the browser/page source).
          When you open the static html in your browser you will see that the content of the iframes will be different than expected (maybe a few refresh needed).

          Show
          idonat Donat Iszak added a comment - - edited I have found the problem and updated the description. About the example: there is a pretty simple way to reproduce the bug, without any ajax magic. Deploy a portlet (struts2-portlet.war will be good) to liferay (or else) . Create a static html with a few <iframe> referencing to different struts actions (you can copy the portlet's action urls from the browser/page source). When you open the static html in your browser you will see that the content of the iframes will be different than expected (maybe a few refresh needed).
          Hide
          idonat Donat Iszak added a comment -

          I have found this mailing list archive. It describes the same as i have found:
          http://mail-archives.apache.org/mod_mbox/struts-dev/201105.mbox/%3C4108A48B618D4E9AB39FCA966F9A4D56@reclaimed%3E

          Show
          idonat Donat Iszak added a comment - I have found this mailing list archive. It describes the same as i have found: http://mail-archives.apache.org/mod_mbox/struts-dev/201105.mbox/%3C4108A48B618D4E9AB39FCA966F9A4D56@reclaimed%3E
          Hide
          lukaszlenart Lukasz Lenart added a comment -
          Show
          lukaszlenart Lukasz Lenart added a comment - Just for reference http://markmail.org/thread/kuhjodzjhlqh27wa
          Hide
          victorsosa victorsosa added a comment - - edited

          I think this was fixed on issue WW-4573 using a CopyOnWriteArrayList. This is to keep Memory consistency on the ValueStack.

          Location: RENDER_DIRECT_LOCATION is no managed but it is enough with the value stack and beside add more locking can affect performance.

          Do you think this could be the fix?

          Show
          victorsosa victorsosa added a comment - - edited I think this was fixed on issue WW-4573 using a CopyOnWriteArrayList. This is to keep Memory consistency on the ValueStack. Location: RENDER_DIRECT_LOCATION is no managed but it is enough with the value stack and beside add more locking can affect performance. Do you think this could be the fix?

            People

            • Assignee:
              Unassigned
              Reporter:
              idonat Donat Iszak
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development