> I have been asked to do a code review of a site and I have
> found that the developers don't bother to lock session variables
> when then read or write them. Does anybody have an good horror
> stories about the dangers of doing this so I legitimately show
> the customer why this is a problem. He is a nontechnical person
> so any talk of needing to single-thread processes when using
> shared variables won't mean a thing to him. Since I always lock
> around the variables I can't give him any personal horror stories.
> Perhaps some of you have heard of some (I KNOW they won't come
> from YOUR sites because you always follow best practices ;-) but
> maybe you inherited some.)
As someone who spends a lot of time reviewing the applications of others, I
can tell you that I've seen several occurrences where the omission of proper
locking of session variables caused applications to fail under load. For the
most part, NDAs prevent disclosure of further detail, but if your client
wants to pay someone like me lawyers' rates to fix an application after a
failed deployment, rather than having it done right the first time, that's
fine by me.
However, just because he's a non-technical person, you should be able to
explain the basic problem to him enough for him to understand it. You can
use the classic "ATM machine" example typically used to explain concurrency
and basic transactional logic.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
