DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29060>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29060 synchronized block too small in method createSession class session/ManagerBase.java ------- Additional Comments From [EMAIL PROTECTED] 2004-05-18 13:48 ------- It's not speculation, I just read and understand what's in the code. The code synchronizes on the HashMap "sessions" when creating a new session. One of the reasons is to ensure that a newly generated sessionId is not used already. The code says: "// Guarantee uniqueness" Now assume thread A generates a new sessionId X, and a parallely running thread B creates the same sessionId X after A leaves the synchronized block but before A calls setId. Then B will not find this session in the HashMap "sessions" and use the same sessionId X as new. If you move the call to setId() inside the synchronized block, then the sessionId X is written into the HashMap before B is able to access the HashMap, so B will find X as already existing sessionId and generate another one. The proof is mathematically/logically. Of course this bug will only show up, if a) generateSessionId does not create unique sessionIDs b) and one thread is thrown off the CPU exactly between the end of the synchronized block and the next line or threads excuting in parallel on multi-CPU systems. Assumption b) is not under your control, so this might happen often, especially under high load. Assumption a) seems to be true, because in the existing code there is already the comment "// Guarantee uniqueness" and the author checks every newly generated sessionId for existence. javadoc says the author is Craig R. McClanahan. Maybe you could pass the information to him? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
