Link Details

Link 118140 thumbnail
User 252611 avatar

By Thierry.Lefort
Published: Sep 23 2008 / 20:03

The session state management mechanism provided by the Servlets framework, HttpSession, makes it easy to create stateful applications, but it is also quite easy to misuse. Many Web applications that use HttpSession for mutable data (such as JavaBeans classes) do so with insufficient coordination, exposing themselves to a host of potential concurrency hazards.
  • 29
  • 0
  • 3775
  • 2


Add your comment
User 207620 avatar

tgautier replied ago:

0 votes Vote down Vote up Reply

I'm not sure how to vote on this - the techniques are valid - except the last solution listed as a "fix" isn't. A clustered web app will still suffer all the atomicity update problems - the synchronization has only happened at the single JVM level and thus is still just as broken in a clustered context as it was with multiple threads in a single JVM context.

Of course with a web app and a sticky load balancer, the situation is relatively unlikely to occur, but it is still not "correct". Overall Brian is of course entirely correct - the state model for HttpSession is pretty broken.

User 201036 avatar

kohlerm replied ago:

0 votes Vote down Vote up Reply

good article but the title is IMHO misleading

Add your comment

Html tags not supported. Reply is editable for 5 minutes. Use [code lang="java|ruby|sql|css|xml"][/code] to post code snippets.

Apache Hadoop
Written by: Piotr Krewski
Featured Refcardz: Top Refcardz:
  1. Play
  2. Akka
  3. Design Patterns
  4. OO JS
  5. Cont. Delivery
  1. Play
  2. Java Performance
  3. Akka
  4. REST
  5. Java