This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Little Book of Impediments (e-book only) and have Tom Perry on-line!
See this thread for details.
Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Threading and Sessions

 
Muks Sam
Ranch Hand
Posts: 47
Java MyEclipse IDE Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,


I have a question if somebody can help to clarify. Thanks in advance.

"Multiple servlets executing request threads may have access to a single session object at the same time", Does that mean that if care is not taken like synchronized access or something like that, any user can see the other's session data?

is this real?

Thanks

Muks
 
Jan Sterk
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Mukul Samak:
Hi,


I have a question if somebody can help to clarify. Thanks in advance.

"Multiple servlets executing request threads may have access to a single session object at the same time", Does that mean that if care is not taken like synchronized access or something like that, any user can see the other's session data?

is this real?

Thanks

Muks


Mukul, that statement refers to threads from multiple threads from the same client. A client can open multiple browser instances/tabs. He can make a request with one browser, and before the request is processed, he can make another request with another browser. If cookies are enabled, the container will associate the second request with the same session as the first request.
 
Kunal Jag
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Session attributes are not thread-safe. For example, consider the following scenarios:
1. The user can open multiple browser windows, which under some configurations will all share the same cookies (thus, the same HttpSession object on the server).
2. Your page may also use frames, leading to the same problem.
3. Impatient users may hit the refresh button on your page, again resulting in the same problem -- multiple accesses by simultaneous requests to the same HttpSession object.

In order to safeguard from the race condition problem, you must provide synchronized access to session scoped attributes. However, synchronization should be used with care. Excess use of synchronized methods or blocks can introduce performance bottlenecks in the application. As a matter of good practice, keep the synchronized lock short.

Regards,
[ June 19, 2008: Message edited by: Kunal Jag ]
 
Vaibhav Sharma
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have one doubt here...

When we talk of user sending the request to same application from a new browser window, what actually do we mean by saying that ??

1.) By right clicking on the window to open a link from current session in new tab or window ?

Or,

2.) By opening new instance of the same User Agent(IE or Mozilla), and sending a fresh login request ??

Because in second case I have found that sometimes when we login with different account on same application... it actually allows us to do so..In a sense we are maintaining 2 different sessions from 2 different instances of the same User Agent.

Please help me get clarity over this ...
 
Paul Clapham
Sheriff
Posts: 21567
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It could be either. And what you have found corresponds exactly with what Kunal said, doesn't it?
The user can open multiple browser windows, which under some configurations will all share the same cookies.
Not only that, you have added some detail to that statement. So I'm not clear on what your question is. You seem to have analyzed the situation well enough.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic