Is HttpSession thread safe, are set/get Attribute thread safe operations?

by

Servlet 2.5 spec:

Multiple servlets executing request
threads may have active access to the
same session object at the same time.
The container must ensure that
manipulation of internal data
structures representing the session
attributes is performed in a
threadsafe manner. The Developer has
the responsibility for threadsafe
access to the attribute objects
themselves. This will protect the
attribute collection inside the
HttpSession object from concurrent
access, eliminating the opportunity
for an application to cause that
collection to become corrupted.

This is safe:

// guaranteed by the spec to be safe
request.getSession().setAttribute("foo", 1);

This is not safe:

HttpSession session = request.getSession();
Integer n = (Integer) session.getAttribute("foo");
// not thread safe
// another thread might be have got stale value between get and set
session.setAttribute("foo", (n == null) ? 1 : n + 1);

This is not guaranteed to be safe:

// no guarantee that same instance will be returned,
// nor that session will lock on "this"
HttpSession session = request.getSession();
synchronized (session) {
  Integer n = (Integer) session.getAttribute("foo");
  session.setAttribute("foo", (n == null) ? 1 : n + 1);
}

I have seen this last approach advocated (including in J2EE books), but it is not guaranteed to work by the Servlet specification. You could use the session ID to create a mutex, but there must be a better approach.

More Related Contents:

  1. Synchronizing on String objects in Java
  2. Java synchronized method lock on object, or method?
  3. How to fix org.hibernate.LazyInitializationException – could not initialize proxy – no Session
  4. Hibernate: different object with the same identifier value was already associated with the session [duplicate]
  5. Is a HashMap thread-safe for different keys?
  6. Thread safe multitons in Java
  7. Is a volatile int in Java thread-safe?
  8. Sharing session data between contexts in Tomcat
  9. Should getters and setters be synchronized?
  10. Must Spring component classes be thread-safe
  11. Session is lost and created as new in every servlet request
  12. What is the difference between synchronized on lockObject and using this as the lock?
  13. Retrieving servlet context, session and request in a POJO outside container
  14. SessionTimeout: web.xml vs session.maxInactiveInterval()
  15. How to stop a thread created by implementing runnable interface?
  16. How to invalidate an user session when he logs twice with the same credentials
  17. Are primitive datatypes thread-safe in Java
  18. Are non-synchronised static methods thread safe if they don’t modify static class variables?
  19. Sending POST request with username and password and save session cookie
  20. How do I prove programmatically that StringBuilder is not threadsafe?
  21. Managing webapp session data/controller flow for multiple tabs
  22. Best option for Session management in Java
  23. How to use parameters, request and session objects present in ActionContext?
  24. How to implement thread-safe lazy initialization?
  25. Android session management
  26. final fields and thread-safety
  27. How to get the Context from anywhere? [duplicate]
  28. How can I manually load a Java session using a JSESSIONID?
  29. Learning Java, use of synchronized keyword
  30. Is LinkedList thread-safe when I’m accessing it with offer and poll exclusively?

Leave a Comment