Race condition: Sessions stored in the database and Cypht
- Status
- Open
- Subject
- Race condition: Sessions stored in the database and Cypht
- Version
- 21.x
22.x
23.x
24.x
25.x
26.x - Category
- Conflict of two features (each works well independently)
- Feature
- Webmail
- Resolution status
- New
- Submitted by
- Marc Laporte
- Lastmod by
- Marc Laporte
- Rating
- Description
The Tiki preference "Session storage location" must not be set to "database"
Victor Emanouilov wrote on 10 Mar 23:Debugged for some hours and came up with this:
- no problem in cypht code itself - reply details are sent to the session to be written and requested from session on the compose page but there are not there when requested
- session Tiki-Cypht integration - no problem as well, session is written when request finishes
- data that is written to the mysql sessions table (this Tiki stores sessions in db) is correct (contains the reply details)
- however, the data is not in mysql database after writeTried to debug more with manual query, tried to simplify with select and then update or insert instead of replace type of query but again the same result.
I think this is what happens - every time this bug happens, there are multiple AJAX requests executed in the background. I think they overlap in time which results in the following race condition:
1. get message content cypht ajax request begins and is processing.
2. another ajax request begins and opens the session (reads the current session and there are no reply details there).
3. get message content cypht ajax request writes the session when completing and writes the reply details
4. the other ajax request finishes after that and writes the session but it doesn't have the reply details (effectively overwriting another process's session).I think we switched for non-locking mode of db sessions to speed up this Tiki but when we face overlapping ajax requests this has adverse side effects. Do you remember why did we switch to non-locking mode? I think we should either update cypht-Tiki integration to send one ajax request at a time or switch to session lock mode the whole site.
- Importance
- 5
- Easy to solve?
- 2
- Priority
- 10
- Demonstrate Bug on Tiki 19+
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Show.tiki.org is not configured properlyThe public/private keys configured to connect to show2.tiki.org were not accepted. Please make sure you are using RSA keys. Thanks.
- Demonstrate Bug (older Tiki versions)
-
This bug has been demonstrated on show.tikiwiki.org
Please demonstrate your bug on show.tikiwiki.org
Show.tiki.org is not configured properlyThe public/private keys configured to connect to show.tikiwiki.org were not accepted. Please make sure you are using RSA keys. Thanks.
- Ticket ID
- 8365
- Created
- Monday 20 March, 2023 03:37:31 UTC
by Marc Laporte - LastModif
- Monday 20 March, 2023 03:47:18 UTC