• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session attributes' thread safety

 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Session attributes are thread safe if cookies are disabled.

This is a conclusion I've come to....does any one disagree?
 
Celinio Fernandes
Ranch Hand
Posts: 549
Eclipse IDE Google Web Toolkit Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
They are not thread safe. Why do you say they are if cookies are disabled ?
 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here's why I thought so:
When we think about thread safety of session attributes, we generally choose to synchronize on the HttpSession object....but why do we do that?....because the same user can open up another browser window and, since cookies are enabled, he would have the same session....therefore the attributes for this session are not thread safe....but if cookies are disabled(and URL rewriting does the trick), the session is maintained for the user as long as he is in the same browser window....opening up a different window won't fetch the same session for him....you could try it out if you want.

That taken into consideration, isn't the sentence originally posted fair enough?
[ December 18, 2006: Message edited by: Sayak Banerjee ]
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I see a bit of confusion here in your words ... First of all, as simple as that ... when the spec says session attributes are not threadsafe, it is NOT thread-safe No doubt

Here is my piece of justification for you ...

Servlets/JSPs are server side components and the Specification talks about the server side only. Cookies are enabled/disabled on client side BY THAT USER AND IS NOT GENERIC FOR ALL USERS.

So you disabling your cookies (in your browser) doesn't mean every user's session is threadsafe. Another user in another system, having his browser with cookies enabled - what is the scenario there?

We talk about web application design in generic. To talk generic, think from server's point of view. When spec. talks of session it talks from the server's perspective.

Hope you got me. If not, tell me. I will explain again.
 
Ali Gohar
Ranch Hand
Posts: 572
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Manikandan,

Yes you are right but i think Sayak has tried to explain the logic why the Session is not thread safe. As cookies enabling/disabling is totally dependent upon per user basis so we can't say anything for sure thats why session object is not thread safe.

However, can anybody tell that the logic sayak has provided behind this concept is right or wrong?

Thanks
 
prashanth kumar
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have a look at thisURL

HTH
Prashanth

[ December 19, 2006: Message edited by: prashanth kumar ]
[ December 19, 2006: Message edited by: prashanth kumar ]
 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well Prashanth, that URL definitely helped....I had initially asked the question to clarify the statement above....not only is that clarified, but I found that it can be used as a workaround for some situations as well....but there's also a mention of a server setting for whatever server you use that allows you to disable it setting session cookies from the server side....with Tomcat, you have to create a Context tag in server.xml for the web app and set: cookies="false".....that's cool
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic