protected String handleToken(ActionInvocation invocation) throws Exception {
// see WW-2902: we need to use the real HttpSession here, as opposed to the map
// that wraps the session, because a new wrap is created on every request
HttpSession session = ServletActionContext.getRequest().getSession(true);
synchronized (session) {
if (!TokenHelper.validToken()) {
return handleInvalidToken(invocation);
}
}
return handleValidToken(invocation);
}
