#3507: sessions race condition
---------------------------------------+------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: adrian
Status: new | Component: Contrib apps
Version: SVN | Resolution:
Keywords: sessions save | Stage: Unreviewed
Has_patch: 0 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 0
---------------------------------------+------------------------------------
Changes (by [EMAIL PROTECTED]):
* keywords: sessions => sessions save
Comment:
If your calculation is correct, I won't have to worry about it indeed.
I blame my lack of knowledge on the exact working of the PRNG in use, it's
used seed, ... because it will be very dependant on that.
Your statement on remote_addr is also correct, another one would be the
chanse that md5 collisions occur while still having a random value, ...
I however believe that it would be better to make sure that in the case of
a new session, save will only try and perform an INSERT, and never try the
SELECT/UPDATE pair as is being used.
Maybe the flaw is not exactly in the session implementation, but in save()
in general; because for whatever model we use save(), I think we can never
be sure that the values will be INSERT'ed, and not UPDATE'ed by concurrent
requests instead of failing and giving a chance to rollback (last time I
checked).
I might for example add a Domain(model) to my Profile(model) only if it
does not yet exist, concurrently with someone else, even when using
sessions, both requests will perform a SELECT, one performs a SELECT and
INSERT, the other one will block untill the first one is commited, if that
happens, it will perform a SELECT and UPDATE, and both sessions receive an
'OK' while only one has the domain in it's profile. To make it worse, it
could be possible that they both send a signal to some daemon to process
the domain addition, and things go boom. Am I correct on this?
If this is correct, it would be nice to be able to force certain behaviour
and take advantage in the session implementation for example.
eg:
{{{
def save(..., new_obj=False, existing_obj=False):
}}}
I thank you already for your time spend.
--
Ticket URL: <http://code.djangoproject.com/ticket/3507#comment:2>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
