Skip Menu |

This queue is for tickets about the CGI-Session-Driver-memcache CPAN distribution.

Report information
The Basics
Id: 122164
Status: new
Priority: 0/
Queue: CGI-Session-Driver-memcache
People
Owner: Nobody in particular
Requestors: scott [...] tropare.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Wed Jun 21 21:01:51 2017 scott [...] tropare.com - Ticket created
Subject: Race Condition Bug
Date: Wed, 21 Jun 2017 18:01:40 -0700
To: bug-CGI-Session-Driver-memcache [...] rt.cpan.org
From: Scott Deardorff <scott [...] tropare.com>
Consider the following scenario 1. A page loads and makes two AJAX calls to 2 Perl endpoints. 2. Both endpoints use CGI::Session w/ CGI-Session-Driver-memcached 3. The browser has a single CGISESSID cookie and inside the sessions the params foo=bar and bing=bong are already set from a previous process. 4. Perl endpoint 1 and 2 read the session data at the same time 5. Perl endpoint 1 Updates the param foo=foo2 in the session data and finishes 6. Perl endpoint 2 Updates the param bing=bar in the session data and finishes The end result with the current code will be that the session will have foo=bar and bing=bar. That is because there is no locking mechanism, and there is no use of the memcache atomic storage mechanism CAS (Check and store). Am I missing something? If I am not, this could cause some hard to track down issues in sessions.