Loading...
 
Skip to main content

Race condition: Sessions stored in the database and Cypht

Status
Open
Subject
Race condition: Sessions stored in the database and Cypht
Version
21.x
22.x
23.x
24.x
25.x
26.x
Category
  • Conflict of two features (each works well independently)
Feature
Webmail
Resolution status
New
Submitted by
Marc Laporte
Lastmod by
Marc Laporte
Rating
(0)
Description

The Tiki preference "Session storage location" must not be set to "database"

Victor Emanouilov wrote on 10 Mar 23:

Debugged for some hours and came up with this:
- no problem in cypht code itself - reply details are sent to the session to be written and requested from session on the compose page but there are not there when requested
- session Tiki-Cypht integration - no problem as well, session is written when request finishes
- data that is written to the mysql sessions table (this Tiki stores sessions in db) is correct (contains the reply details)
- however, the data is not in mysql database after write

Tried to debug more with manual query, tried to simplify with select and then update or insert instead of replace type of query but again the same result.

I think this is what happens - every time this bug happens, there are multiple AJAX requests executed in the background. I think they overlap in time which results in the following race condition:
1. get message content cypht ajax request begins and is processing.
2. another ajax request begins and opens the session (reads the current session and there are no reply details there).
3. get message content cypht ajax request writes the session when completing and writes the reply details
4. the other ajax request finishes after that and writes the session but it doesn't have the reply details (effectively overwriting another process's session).

I think we switched for non-locking mode of db sessions to speed up this Tiki but when we face overlapping ajax requests this has adverse side effects. Do you remember why did we switch to non-locking mode? I think we should either update cypht-Tiki integration to send one ajax request at a time or switch to session lock mode the whole site.

Importance
5
Easy to solve?
2
Priority
10
Demonstrate Bug on Tiki 19+
Demonstrate Bug (older Tiki versions)
Ticket ID
8365
Created
Monday 20 March, 2023 03:37:31 UTC
by Marc Laporte
LastModif
Monday 20 March, 2023 03:47:18 UTC


Show PHP error messages