aogburn commented on code in PR #882: URL: https://github.com/apache/tomcat/pull/882#discussion_r2282714274
########## java/org/apache/catalina/session/FileStore.java: ########## @@ -196,19 +205,26 @@ public Session load(String id) throws ClassNotFoundException, IOException { ClassLoader oldThreadContextCL = context.bind(Globals.IS_SECURITY_ENABLED, null); - try (FileInputStream fis = new FileInputStream(file.getAbsolutePath()); - ObjectInputStream ois = getObjectInputStream(fis)) { + try { + acquireIdReadLock(id); + if (!file.exists()) {

Review Comment:
If we've confirmed the file exists for us to read, then we don't want it modified or deleted from this point through to the read completion. So we grab the lock before file.exists and hold to read completion. If we checked `file.exists` before the lock in `save`, then it's not truly protected from a delete/modification from another thread right after before the `save` then acquires the lock and completes its read.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
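
Review bot: `acquireIdReadLock(id)` is called inside the `try` block, so if the matching release sits in a `finally` (not visible in this hunk), a failure during acquisition would run the release for a lock that was never taken; acquire the lock on the line immediately before `try {` instead. The removed try-with-resources was also what closed `fis` and `ois`, so the streams should be opened in a nested try-with-resources inside the locked region so that they are closed before the lock is released. A short comment on the `if (!file.exists())` line would help too, stating that the check-then-read is only atomic with respect to callers that take the same per-id lock.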