#3507: sessions race condition
---------------------------------------+------------------------------------
   Reporter:  [EMAIL PROTECTED]  |                Owner:  adrian      
     Status:  new                      |            Component:  Contrib apps
    Version:  SVN                      |           Resolution:              
   Keywords:  sessions save            |                Stage:  Unreviewed  
  Has_patch:  0                        |           Needs_docs:  0           
Needs_tests:  0                        |   Needs_better_patch:  0           
---------------------------------------+------------------------------------
Changes (by [EMAIL PROTECTED]):

  * keywords:  sessions => sessions save

Comment:

 If your calculation is correct, I won't have to worry about it indeed.
 
 I blame my lack of knowledge on the exact working of the PRNG in use, it's
 used seed, ... because it will be very dependant on that.
 
 Your statement on remote_addr is also correct, another one would be the
 chanse that md5 collisions occur while still having a random value, ...
 
 I however believe that it would be better to make sure that in the case of
 a new session, save will only try and perform an INSERT, and never try the
 SELECT/UPDATE pair as is being used.
 
 Maybe the flaw is not exactly in the session implementation, but in save()
 in general; because for whatever model we use save(), I think we can never
 be sure that the values will be INSERT'ed, and not UPDATE'ed by concurrent
 requests instead of failing and giving a chance to rollback (last time I
 checked).
 
 I might for example add a Domain(model) to my Profile(model) only if it
 does not yet exist, concurrently with someone else, even when using
 sessions, both requests will perform a SELECT, one performs a SELECT and
 INSERT, the other one will block untill the first one is commited, if that
 happens, it will perform a SELECT and UPDATE, and both sessions receive an
 'OK' while only one has the domain in it's profile. To make it worse, it
 could be possible that they both send a signal to some daemon to process
 the domain addition, and things go boom. Am I correct on this?
 
 If this is correct, it would be nice to be able to force certain behaviour
 and take advantage in the session implementation for example.
 
 eg:
 {{{
 def save(..., new_obj=False, existing_obj=False):
 }}}
 
 I thank you already for your time spend.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/3507#comment:2>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to