Originally posted by joe lin:
in my opinion,i don't think the cookieValue is used for security.
i think the cookieValue is only use for synchronize.so,as long as the cookieValue can perform the synchronized function well,it is enough!
do you think right?
Hi Joe,
I have to disagree with you here. The cookie is used for the locking behavior. Imagine that the following happens:
client X locks record 12 and gets cookie "12" client X reads record 12 and sees that it is not booked yet. client X updates record 12. It must pass the cookie as proof that it is the lock owner -> record 12 is now booked by client X. client Y comes in. It does not bother about locking. client Y updates record 12. It passes "12" in the cookie parameter, because it knows that the cookie is equal to the record number. record 12 is now illegally booked by client Y. Of course if you assume that all your clients behave nicely (unlike client Y in my example), it is not an issue. But the whole purpose of locking is security, so I think
you should prevent that clients abuse the system too easily.
Frans.