Hi Michael,
On 03/31/2015 02:42 PM, Michael Ben Yosef wrote:
> Firstly, what is a good way to use mutexes to make sure that the session
> data cannot be left in an inconsistent state by concurrent
> modifications? Is it OK to call create_mutex/1on the session ID as shown
> below?
>
> |
> http_session_id(Id),
> create_mutex(Id),
> with_mutex(Id,
> ( http_session_retractall(foo(X)),
> http_session_assert(foo(42))
> )),
> ...
> |
>
> If so, how does one check if a mutex with a given ID already exists
> before creating it?
You do not have to create a mutex explicitly. Trying to lock it will
create it for you. So, you can simply leave the create_mutex(Id) out.
But ... as sessions are created with new unique identifiers, you'll
loose the mutex. You can define a hook that is called when the session
is reclaimed (due to timeout or explicitly) to remove the mutex. In
general though, I'd use a fixed mutex name for short possibly
conflicting updates. I often use the module name as mutex name
to protect all dynamic data managed by a module.
I also wonder about a realistic scenarion where the above would be
needed. Basically, this should only be needed if a single client
runs multiple requests concurrently that update the same session
data.
> Secondly, should library(http/http_session) not make sessions persistent
> by default? Obviously it makes little difference when the timeout is 10
> minutes, as is the default, but nowadays I think it is common for people
> to stay logged in to their favourite services for weeks when using
> private computers. It's likely the server will have to be restarted for
> some reason over such a long period, inconveniencing clients who will
> find themselves logged out.
I don't know. Staying logged on is only one of the things for which you
can use sessions. You may also want to share sessions over a cluster of
servers, etc. If you have persistency, you might want privacy using
encryption, etc. Maybe we need some hook that allows you to program how
sessions are stored.
On the other hand, nobody stops you from using library(persistency) or a
database interface for storing session data.
Cheers --- Jan