Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4730

TokenInterceptor synchronized on session.getId().intern()

    Details

    • Flags:
      Patch

      Description

      As already done on TokenSessionStoreInterceptor, TokenInterceptor's handleToken method need to be synchronized on "session.getId().intern()" instead of "session"

        Issue Links

          Activity

          Hide
          hudson Hudson added a comment -

          SUCCESS: Integrated in Jenkins build Struts-JDK7-master #581 (See https://builds.apache.org/job/Struts-JDK7-master/581/)
          WW-4730 Uses session.getId().intern() to properly lock down session (lukaszlenart: rev fc6ffba9cf08cbd709be89f7df3edc7475567e4e)

          • (edit) core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
          • (edit) core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
          Show
          hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Struts-JDK7-master #581 (See https://builds.apache.org/job/Struts-JDK7-master/581/ ) WW-4730 Uses session.getId().intern() to properly lock down session (lukaszlenart: rev fc6ffba9cf08cbd709be89f7df3edc7475567e4e) (edit) core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java (edit) core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
          Hide
          jira-bot ASF subversion and git services added a comment -

          Commit fc6ffba9cf08cbd709be89f7df3edc7475567e4e in struts's branch refs/heads/master from Lukasz Lenart
          [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=fc6ffba ]

          WW-4730 Uses session.getId().intern() to properly lock down session

          Show
          jira-bot ASF subversion and git services added a comment - Commit fc6ffba9cf08cbd709be89f7df3edc7475567e4e in struts's branch refs/heads/master from Lukasz Lenart [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=fc6ffba ] WW-4730 Uses session.getId().intern() to properly lock down session
          Hide
          simone.cordaro Simone Cordaro added a comment -

          Yes.
          Submitting twice an action, session object instances are different and not lock correctly. Action is invoked twice with success result.

          I have fixed this class on my project and now there are not duplicated action invokations.

          Show
          simone.cordaro Simone Cordaro added a comment - Yes. Submitting twice an action, session object instances are different and not lock correctly. Action is invoked twice with success result. I have fixed this class on my project and now there are not duplicated action invokations.
          Hide
          lukaszlenart Lukasz Lenart added a comment -

          Simone Cordaro did you observe any side-effects?

          Show
          lukaszlenart Lukasz Lenart added a comment - Simone Cordaro did you observe any side-effects?
          Hide
          simone.cordaro Simone Cordaro added a comment -

          line 147: synchronized (session.getId().intern()) {

          Show
          simone.cordaro Simone Cordaro added a comment - line 147: synchronized (session.getId().intern()) {

            People

            • Assignee:
              lukaszlenart Lukasz Lenart
              Reporter:
              simone.cordaro Simone Cordaro
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development