I have the following code:

    Model sessionModel = (Model) request.getSession().getAttribute("model");
    Model userModel = new Model();
    BeanUtils.copyProperties(userModel, sessionModel);
    if (sessionModel != null) {
        userModel.setName("tony");
        request.getSession().setAttribute("model", userModel);
    }

Is there anything wrong with the code above?
A security checking tool reports this warning: a thread-shared object may fail to update after being set with setAttribute via request.getSession.
How should I fix it?

This is the spot. How should it be changed here? Like this?

    synchronized (this) {
        request.getSession().setAttribute("model", userModel);
    }

As I recall, session.setAttribute is thread-safe? And userModel is a local variable, so it is thread-safe too.
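
That is, during the processing between

    Model sessionModel = (Model) request.getSession().getAttribute("model");

and

    request.getSession().setAttribute("model", userModel);

the consistency of the session cannot be guaranteed. For reference, see
https://stackoverflow.com/questions/616601/is-httpsession-thread-safe-are-set-get-attribute-thread-safe-operations
It contains a passage quoted from the API documentation, and you can look at the examples other people give there.
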
Servlet 2.5 spec:
Multiple servlets executing request threads may have active access to the same session object at the same time. The container must ensure that manipulation of internal data structures representing the session attributes is performed in a threadsafe manner. The Developer has the responsibility for threadsafe access to the attribute objects themselves. This will protect the attribute collection inside the HttpSession object from concurrent access, eliminating the opportunity for an application to cause that collection to become corrupted.
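
Thanks for the answer, I read it. I added the lock modifier (synchronized) to the method. My lead asked me to think again about whether there is another way. I have decided to force the commit through.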
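
The get/copy/set sequence discussed in this thread, as an added example that is not code from any of the posters: it shows updates being lost when two requests interleave between the read and the write, and the same sequence under a lock scoped to the session. Assumptions: a ConcurrentHashMap stands in for the HttpSession attribute store, Model is a hypothetical record with an extra visits field, and sessionMutex is a hypothetical per-session lock object.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionRaceDemo {
    // Hypothetical Model: every update stores a fresh copy, as the thread's code does.
    record Model(String name, int visits) {}

    // Stand-in for HttpSession attributes: each single get/put call is thread-safe,
    // which is all the Servlet spec asks of the container.
    static final Map<String, Object> session = new ConcurrentHashMap<>();
    // Assumed: one lock object shared by every request that belongs to this session.
    static final Object sessionMutex = new Object();

    // Pattern from the thread: read, copy, modify, write back, with no lock across the steps.
    static void readModifyWrite() {
        Model old = (Model) session.get("model");
        if (old != null) {
            session.put("model", new Model("tony", old.visits() + 1));
        }
    }

    // Same steps, but the whole sequence runs while holding the per-session lock.
    static void lockedReadModifyWrite() {
        synchronized (sessionMutex) {
            readModifyWrite();
        }
    }

    // Runs eight concurrent "requests" against one session and returns the final count.
    static int run(Runnable update) throws InterruptedException {
        session.put("model", new Model("init", 0));
        Thread[] workers = new Thread[8];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(() -> {
                for (int n = 0; n < 10_000; n++) update.run();
            });
            workers[i].start();
        }
        for (Thread t : workers) t.join();
        return ((Model) session.get("model")).visits();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unlocked: " + run(SessionRaceDemo::readModifyWrite) + " of 80000");
        System.out.println("locked:   " + run(SessionRaceDemo::lockedReadModifyWrite) + " of 80000");
    }
}
```

The lock only helps if every code path that reads and rewrites the attribute takes the same lock object. synchronized (this) or a synchronized method locks the enclosing object rather than the session, so it protects only against other code that locks that same object.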