Hi

HttpServletRequest#getSession() of Tomcat 4.0.3 returns a different session instance.

For example, if you write the following code in Action#perform or Action#execute:
  HttpSession session1 = req.getSession();
  HttpSession session2 = req.getSession();
  System.out.println("session1="+session1);
  System.out.println("session2="+session2);
  System.out.println(session1==session2);

you will get the following result:
  session1=org.apache.catalina.session.StandardSessionFacade@7cd37a
  session1=org.apache.catalina.session.StandardSessionFacade@202d69
  false

This means that the session instance returned by HttpServletRequest#getSession()
cannot be used as a thread lock monitor.
But in Action#isTokenValid(HttpServletRequest request, boolean reset) of Struts 1.1b,
the session instance is used as a thread lock monitor.

Does this method work correctly when a submit button is quickly pushed twice?

-----------------
    protected boolean isTokenValid(HttpServletRequest request, boolean reset) {

        // Retrieve the current session for this request
        HttpSession session = request.getSession(false);
        if (session == null)
            return (false);

        synchronized (session) {

            // Retrieve the transaction token from this session, and
            // reset it if requested
            String saved = (String)
                session.getAttribute(TRANSACTION_TOKEN_KEY);
            if (saved == null)
                return (false);
            if (reset)
                session.removeAttribute(TRANSACTION_TOKEN_KEY);

            // Retrieve the transaction token included in this request
            String token = (String) request.getParameter(Constants.TOKEN_KEY);
            if (token == null)
                return (false);

            // Do the values match?
            return (saved.equals(token));

        }

    }
---------------------

Best regards,

/**
 * Hiroshi Fujimura
 * @e-mail   [EMAIL PROTECTED]
 * @version  0.9.1b :-)
 */
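
Added example (not part of the original message, and not Struts or Tomcat code): a self-contained simulation of the check-then-remove token logic above, run once with each thread locking on its own facade object and once with both threads locking on one object shared through the session. Facade, realSession and the "LOCK" attribute are hypothetical stand-ins for the behaviour reported in the post; with per-call facades both duplicate submits can be accepted, while the shared lock lets only one through.

```java
import java.util.Map;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
public class TokenLockDemo {
    // Stand-in for the container's real session: one per user, holds attributes.
    static final Map<String, Object> realSession = new ConcurrentHashMap<>();

    // Stand-in for StandardSessionFacade: a new wrapper on every getSession()
    // call, which is the behaviour the post reports (assumption for this demo).
    static final class Facade {
        Object get(String k) { return realSession.get(k); }
        void remove(String k) { realSession.remove(k); }
    }
    static Facade getSession() { return new Facade(); }

    // Same check-then-remove logic as isTokenValid, locking on the given monitor.
    static boolean isTokenValid(Facade s, Object monitor, String token) throws InterruptedException {
        synchronized (monitor) {
            Object saved = s.get("TOKEN");
            if (saved == null) return false;
            Thread.sleep(50);          // widen the window between read and remove
            s.remove("TOKEN");
            return saved.equals(token);
        }
    }

    // Two concurrent submits with the same token; returns how many were accepted.
    static int doubleSubmit(boolean stableLock) throws Exception {
        realSession.put("TOKEN", "abc");          // constructed sample token
        realSession.put("LOCK", new Object());    // hypothetical per-session lock attribute
        AtomicInteger accepted = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (int i = 0; i < 2; i++) {
            pool.submit(() -> {
                Facade s = getSession();          // each request gets its own facade
                Object monitor = stableLock ? s.get("LOCK") : s;
                if (isTokenValid(s, monitor, "abc")) accepted.incrementAndGet();
                return null;
            });
        }
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        return accepted.get();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("lock on facade:      accepted=" + doubleSubmit(false));
        System.out.println("lock on shared lock: accepted=" + doubleSubmit(true));
    }
}
```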
