On 9/6/05, Leon Rosenberg <[EMAIL PROTECTED]> wrote: > > > If your servlet container has a broken implementation of > > get/set attributes on an HttpSession, there is nothing that > > Struts can do to protect you from problems ... even providing > > synchronized locks around get/set calls would still not avoid > > problems caused by application logic, or logic inside the > > container itself, that would bypass it. > > > > Sounds like you need to get after the folks providing your > > container to fix this. > > since the Servlet spec leaves it up to the webapp to implement thread safe > setting and update of session objects I don't think I will find a safe > container out there :-(
When I was working on Tomcat a couple years ago , I can vouch for the fact that it did this correctly. I haven't looked at the latest version's sources, but I can't imagine they would have broken this -- it's too fundamental. Sure, struts can't save you from this, but struts could give you tools to > right cleaner webapps. And it would be 20 lines of code. Adding this to Struts would be: * Making applications *less* clean rather than more, because they would be adding a layer of complexity around an existing function provided by the platform APIs, without any corresponding improvement in ease of use to compensate. * Creating needless runtime overhead on containers that do not fail to handle get/set attribute safely. * Providing a false promise that using the utility methods protects you from this flaw in the container. It can't provide that guarantee. Regards > Leon Craig --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >