On 18.01.2018 06:37, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 1/17/18 4:31 PM, Mark Thomas wrote:
On 17/01/18 17:05, Christopher Schultz wrote:
All,
I have a use-case related to caching where I need to make sure
that an operation only happens one time with respect to an object
in the session. Basically, I want to build a cache and put it
into the session, but it needs to be thread-safe enough that two
threads can't see the object isn't there, build such an object,
and then put it into the session (thereby overwriting each
other).
...
Yeah, I figured that. Otherwise, multi-threading basically couldn't
happen. I'm surprised the servlet spec doesn't formally guarantee this
because practically speaking, it's a requirement.
....
It should always be the same object. Looking at the code, I don't
see any obvious holes.
For the record, relevant code includes:
o.a.catalina.connector.Request.getSession()
o.a.catalina.session.ManagerBase.createSession(String)
o.a.catalina.session.StandardSession.getSession()
Could this be something we could formally guarantee (via
documentation)? I'd like to lobby the servlet EG for the same
guarantee, but getting it done in Tomcat is more immediately valuable
for me :)
I'm not sure that this can be done in an unambiguous way, especially not
from the spec side: Assuming that objects might be serialized out to
disk (for memory reason, unused in 15 minutes but not yet expired,
cluster distribution etc) this would lead to quite a few disambiguities.
You say that your object creation should happen once per session - is
that per session AND machine? If creation of that object has side
effects, or the object itself has state, your scenario might only be
safe as long as there's no clustering / session replication involved,
but can't be assumed when it is.
I'd say your safest bet is to validate the current implementation's
behavior - e.g. your exact version of tomcat - and validate that it
doesn't change in future versions. Based on Mark's comments it doesn't
look like this is an area where tomcat's implementation would change
soon. I'd just not expect it to be over-specified in the servlet spec.
There's another argument that the servlet level might be the wrong level
for creation of expensive objects, and that it's better delegated to the
business layer. I can't judge that in your case, but quite often I've
seen the servlet layer overly used for business problems. I don't like
this a lot - your problem might be trivial to solve one or two layers down.
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
