Problems and suggestion for improved session handling/locking
23 views
Skip to first unread message
Ralph Heinkel
Oct 18, 2012, 7:31:39 AM10/18/12
to cherryp...@googlegroups.com
Hi,
for our web application we face some session locking issues during
requests. What we would like to do is to save/close/unlock a session
after accessing some of its data at the very beginning of a request
(to allow for parallel requests from the same user). This can be done
nicely with the session.save() method. This method does both saving
and releasing the lock.
One problem we found is that at the end of the request the save-method
in the sessions.py module is called which saves the session data
again, despite the fact that there is no current lock on it. This
might be dangerous if there is another request from the same user
going on which has opened and locked this (file)session. (This happens
for us when users work from multiple browser tabs, which they do since
some of our request take really long to finish).
So my suggestion would be that an unlocked session should not be saved
again at the end of a request.
The second issue is that in some rare cases (mainly for error
reporting if a request failed in a late stage) we would need to use
the session object again after it has been saved/released. It would be
perfect if a previously saved/unlocked session could automatically
reinitialize itself whenever accessed again.
All methods like '__getitem__' do a check whether session data is
loaded before it is accessed. If data is not load this is done first.
However the session locking happens through a 'before_handler' at the
beginning of a request.
Could the session locking be combined with the load() method of a
session optionally? (e.g. with config.session.locking=onload) This
would turn a session to be both lazy locking and lazy loading.
Also this would make the save() and the load() method to be symmetric
in terms of session locking and unlocking. For this to work the save()
method should set the 'loaded' flag to False so that a future access
to the session triggers its reinitialization.
Would this be a viable way to improve session handling? Comments are
very welcome.
Ciao ciao
Ralph
for our web application we face some session locking issues during
requests. What we would like to do is to save/close/unlock a session
after accessing some of its data at the very beginning of a request
(to allow for parallel requests from the same user). This can be done
nicely with the session.save() method. This method does both saving
and releasing the lock.
One problem we found is that at the end of the request the save-method
in the sessions.py module is called which saves the session data
again, despite the fact that there is no current lock on it. This
might be dangerous if there is another request from the same user
going on which has opened and locked this (file)session. (This happens
for us when users work from multiple browser tabs, which they do since
some of our request take really long to finish).
So my suggestion would be that an unlocked session should not be saved
again at the end of a request.
The second issue is that in some rare cases (mainly for error
reporting if a request failed in a late stage) we would need to use
the session object again after it has been saved/released. It would be
perfect if a previously saved/unlocked session could automatically
reinitialize itself whenever accessed again.
All methods like '__getitem__' do a check whether session data is
loaded before it is accessed. If data is not load this is done first.
However the session locking happens through a 'before_handler' at the
beginning of a request.
Could the session locking be combined with the load() method of a
session optionally? (e.g. with config.session.locking=onload) This
would turn a session to be both lazy locking and lazy loading.
Also this would make the save() and the load() method to be symmetric
in terms of session locking and unlocking. For this to work the save()
method should set the 'loaded' flag to False so that a future access
to the session triggers its reinitialization.
Would this be a viable way to improve session handling? Comments are
very welcome.
Ciao ciao
Ralph
Reply all
Reply to author
Forward
0 new messages