How to terminate the UI thread [message #1760631] |
Sat, 29 April 2017 08:00  |
Eclipse User |
|
|
|
Hi all,
As we all know, in RAP application, the UI Thread will be created after user login successfully, this is Daemon Thread.
But a new UI Thread will be created when user refresh the browser.
If the hacker send many time requests, it will create many UI Threads and will cause DOS due to high usage of CPU and memory.
Thanks
|
|
|
Re: How to terminate the UI thread [message #1760652 is a reply to message #1760631] |
Sun, 30 April 2017 09:58   |
Eclipse User |
|
|
|
There are many ways to terminate the UIThread:
Expire the HTTP session.
Remove the UISession from the HTTP session.
Let the EntryPoint#createUI method finish
Throw a ThreadDeath exception in the UIThread
I'm sure there's more but that's just off the top of my head
|
|
|
Re: How to terminate the UI thread [message #1760695 is a reply to message #1760652] |
Tue, 02 May 2017 06:30  |
Eclipse User |
|
|
|
Thanks for your reply.
I have found the reason, when refresh the browser, cid which UI session depends on will change, and cid generate from _generateConnectionId function of client.js. I think I can control the cid on server side to make sure unique value per session.
My Rap version is 2.2.0.
Thanks again.
|
|
|
Powered by
FUDForum. Page generated in 0.03348 seconds