Re: [WebMacro-user] [WebMacro-user

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 20 Feb 2006, at 00:57, Lane Sharman wrote:

>
> This is most disturbing to hear about.
>

> First, there is a known concurrency issue with WM in 2.0 and possibly
> in prior releases. If you look at the mail thread dating back for 45
> days, you will definitely see it.
>
> My concern is that the webmacro instance, shared, and the context, not
> shared, is improperly orchestrated for concurrency. The webmacro
> instance is local to WMServlet. You might consider synchronizing  
> access to this variable as a trial fix in your local calls below.  
> This will introduce some serialization of web processing but it  
> might help to verify the solution.

I am slightly alarmed by this also, because I have seen something  
similar happening. On a recent commercial website I did the back-end  
for, using Groovy and WebMacro, I have seen on occasion clients  
submitting data to the site using somebody else's UID.

I'm am not 100% sure there is a definite problem because the times I  
have seen it was during intense activity by a lot of users at the  
same company, so it may have been people sharing each others' PCs (it  
was a promotional game playing event).

Anyway, I will be investigating this further in the next few days and  
will let you know what I find out. Actually my fear is that the  
problem is in Groovy rather than WebMacro (WM being much easier to  
fix!) because WM is not really used to retrieve the session UID  
except in some niche scenarios.

The more work I do the more I realise that sessions are evil and  
problematic... ditch them and pass around a request ID with every  
link is the best solution - especially as it supports multiple  
concurrent workflows/requests.

Cheers