HttpServletRequest.getSession(true) 线程安全吗? [英] HttpServletRequest.getSession(true) thread safe?
问题描述
我看到很多关于 HttpSession 上的 setAttribute 和 getAttribute 方法是否是原子的问题.他们不是.但是,每个客户端对 request.getSession(true) 的实际调用是原子的吗?
I see a lot of questions concerning whether the setAttribute and getAttribute methods on HttpSession are atomic. They are not. But, is the actual call of request.getSession(true) atomic per client?
例如,如果您有一个 servlet 过滤器,并且客户端发出两个同时到达一行 request.getSession(true) 的同时调用,会返回相同的会话对象吗?我认为这样的事情将是特定于容器的?或者您是否保证每个请求客户端都有一个同步的 getSession 调用.
For example if you had a servlet filter and a client issue two simultaneous calls which simultaneously reach a line request.getSession(true) would the same session object be returned? I assume such a thing would be container specific? Or are you gauranteed a syncronized getSession call per requesting client.
推荐答案
不确定您在这里真正关心的是什么:
Not sure what you are really concerned here:
例如,如果您有一个 servlet 过滤器,并且客户端发出两个同时到达线路的同时呼叫:
For example if you had a servlet filter, and a client issues two simultaneous calls which simultaneously reach the line:
request.getSession(true)
是否会返回相同的会话对象?
would the same session object be returned?
这取决于您所说的相同会话对象是什么意思,即您的意思是 s1 == s2 还是 s1.equals(s2).我找不到任何说明对象必须相同的内容 (==),但即使它们可能都是不同的对象,它们最终可以看到相同的 逻辑会话.将这些会话对象想象成数据库客户端:它们不是数据,但它们都查看相同的数据,即它们读取和写入到一个公共位置.
It depends on what you mean by same session object, ie if you mean s1 == s2 or s1.equals(s2). I can't find anything stating that the object must be the same (==), but even if likely they are all different objects, they eventually can see the same logical session. Imagine these session objects as database clients: they are not the data, but they all view the same data, ie they read and write to a common place.
现在,要回答您的问题,我们必须在读取来自同一服务器的任何其他响应之前确定客户端是否发出第二个请求:必须使用输入(在 URL 或 HTTP 标头中)跟踪会话, 以 cookie 的形式),所以我们有以下场景:
Now, to answer your question, we must decide if the client issued the second request before reading any other response from the same server: a session must be tracked with a piece of input (either in the URL or in the HTTP headers, in the form of a cookie), so we have the following scenarios:
- 客户端发出请求 #1,获取会话,并在两个同时请求 #2 和 #3 中将会话 ID 发送回服务器:它们将共享会话
- 客户端几乎同时发出请求 #1 和 #2,之前没有向同一应用程序发出任何请求.由于没有向服务器提供输入(没有会话 ID),因此会创建两个新会话,即使客户端没有同时点击 getSession() 行.根据客户端应用程序的不同,这可能是一个错误,也可能不是.
- Client makes request #1, gets a session, and sends the session ID back to the server in two simultaneous requests #2 and #3: they will share the session
- Client makes request #1 and #2 almost at the same time, without any previous request to the same application. Since no input is provided to the server (no session ID) two new sessions are created, even if the clients don't hit the getSession() line at the same moment. Depending on the client application, this may be a bug or not.
所以这根本不是线程的问题.它只取决于客户端提供的输入.相同的会话 ID,返回相同的会话.不同(或没有)会话 ID,不同的会话.
So this is not a problem with threads at all. It just depends on the input supplied by the client. Same session ID, same session returned. Different (or no) session ID, different sessions.
为了正确起见,逻辑客户端(单个程序,如 Firefox)甚至可以在 N+ 核机器上的 N 个单独线程中发出 N 个请求,但网络通常是共享的.假设它有一台多宿主机器,并且每个 NIC 都连接到一个单独的网络,您将需要 servlet 容器来侦听多个 IP 地址并拥有 N 个处理器(或内核).这只是说没有必要有两个同时调用,尽管来自同一个客户端的请求完全有可能被并行处理,从而在同一时刻到达同一行.
Just for the sake of correctness, a logical client (a single program, like Firefox) can even make N requests in N separate threads on a N+ cores machine, but the network is usually shared. Assuming it has a multihomed machine, and each NIC is connected to a separate network, you'll need your servlet container to listen to multiple IP addresses and have N processors (or cores). This is just to say that there's no need to have two simultaneous calls, though it's perfectly possible that requests from the same client are processed in parallel and thus reach the same line at the same moment.
这篇关于HttpServletRequest.getSession(true) 线程安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
