Link Details

The session state management mechanism provided by the Servlets framework, HttpSession, makes it easy to create stateful applications, but it is also quite easy to misuse. Many Web applications that use HttpSession for mutable data (such as JavaBeans classes) do so with insufficient coordination, exposing themselves to a host of potential concurrency hazards.

Posted by Thierry.Lefort  |   Sep 23 2008 / 20:03

Add your comment

Html tags not supported. Reply is editable for 5 minutes. Use [code lang="java|ruby|sql|css|xml"][/code] to post code snippets.


User 207620 avatar

tgautier replied ago:

I'm not sure how to vote on this - the techniques are valid - except the last solution listed as a "fix" isn't. A clustered web app will still suffer all the atomicity update problems - the synchronization has only happened at the single JVM level and thus is still just as broken in a clustered context as it was with multiple threads in a single JVM context.

Of course with a web app and a sticky load balancer, the situation is relatively unlikely to occur, but it is still not "correct". Overall Brian is of course entirely correct - the state model for HttpSession is pretty broken.

Reply 0 votes
User 201036 avatar

kohlerm replied ago:

good article but the title is IMHO misleading

Reply 0 votes

Recommended Links

Written by: Ryan Knight
Featured Refcardz: Top Refcardz:
  1. Apache Hadoop
  2. Play
  3. Akka
  4. Debugging JavaScript
  5. Design Patterns
  1. Apache Hadoop
  2. REST
  3. Java
  4. Git
  5. Java Performance
Connect with DZone