Christoph Zwerschke wrote on 04/07/2006 03:57 PM:
Ben Parker wrote:
The SessionStore convenience functions items() and values() include a
bug where a session key can be deleted after self.keys() has been
called, but before the session has been accessed from the store. This
leads to an unhandled KeyError which causes SessionSweeper to fail,
allowing sessions to pile up until catastrophic failure due to lack
of memory.
I have checked this in as suggested, adding a similar fix for get().
Thanks, Cristoph!
For a completely foolproof solution, maybe items(), values() and get()
should be overridden in SessionDynamicStore, and wrapped in a lock?
I agree in spirit that every SessionStore should be encouraged to
implement it's own version of these functions to ensure correctness and
efficiency. But at least now the base class is correct.
In practice, I'm not sure wrapping a lock around an items() call in
SessionDynamicStore or SessionFileStore is the best idea, because it
could take a relatively long time to load all the pickled Sessions from
the drive. When I first encountered this, I looked at rewriting those
functions at the SessionDynamicStore level, and didn't because I thought
they would end up basically the same as the corrected base class version.
However, something like a database-backed SessionStore would want to
override those methods to be more efficient.
- Ben
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Webware-discuss mailing list
Webware-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/webware-discuss
