java multiple servlets thread safety of hashtable

Question

in my application, i have one servlet which performs login and other operations. in this single servlet i store the users in an hastable keyed by the session id.

Hashtable<string,MySession> sessions; //sessionid and MySession instance

But the login process is a bit complicated and contains business issues, so i decided it to seperate, i want to have two servlets one for login and one for operation. The login servlet will generate MySession and will store it and forward the client to the operation servlet. As a result the both servlets login and operation must share this hashtable.

Question is,

is my current structure threadsafed? I mean this single servlet instance, where i store all users in a hastable? I have hashtable modifying methods such as addNewSession and clearSession. (I use browser session id as key). I did not make this methods synchronised, because this approach is not suggested (single instance of servlet)
what happens if i declare this hastable static so i can reach it from both new separated servlets (login and operation)
what if i store this hastable in a parent servlet and extend login and operation from that servlet so that both can reach their parent servlets protected hashtable instance?
using servlet contenxt methods, where i reach the other servlet from context or directly store the hashtable in context? Will it resolve thread safety issuses? Or i think i should provide synchronization for ServletContext object returned by getServletContext() because it is shared between servlets in myapplication?

The current structure is:

public SingleServlet extends HttpServlet {
     Hashtable<string,MySession> sessions = new Hashtable();

     public void doGet(HttpRequest request, HttpResponsr response) {
         String sessionId = request.getSessionId();

         if (sessions.get(sessionId) == null) {
             // Create a new session and store
             // Do login operations
             MySession iNewSession = new MySession(..);

             // Thread safety??
             sessions.put(sessionId, iNewSession);
         } else {
             // Already existing session, operate on that
             MySession iExistingSession = sessions.get(sessionId);

             // Check if operation is logout
             if (isLogout(request)) {
                iExistingSession.performLogout();

                // Thread safety??
                sessions.remove(sessionId);
             } else
             iExistingSession.continueOperation(request, response);
         }

Why are you reinventing what the native sessions already do? — JB Nizet, Dec 28 '14 at 12:02
No, I mean HttpSession. That's exactly what it is: a hash table for each session ID, where you can store any attribute you want. — JB Nizet, Dec 28 '14 at 13:06

score 0 · Answer 1 · answered Dec 28 '14 at 12:09

0

Your code is not thread-safe. While individual operations (like put, get and remove) are atomic and thread-safe, a sequence of operations (e.g. a get followed by a put) is not thread-safe.

answered Dec 28 '14 at 12:09

Stephen C

698,415
94
811
1,216

I believe ConcurrentHashMap under java.util.concurrent is a better choice than Hashtable since 1.5, but would it solve the problem in this case? Or do you have any other suggestions? – Paul Lo Dec 28 '14 at 12:11

java multiple servlets thread safety of hashtable

1 Answers1