| Subject: | Invalid/Expired session ids are inserted into the store. A new session id should be created instead. |
This leads to duplicate key constraint errors on concurrent requests
(hundreds per day on a busy site with lots of AJAX) because both
requests try to insert an invalid session id at the same time instead of
creating (independent) new session ids.
I think the find_or_create() call is the culprit and I guess it could be
replaced by a simple find() call to see if a session is still valid. If
not, a new(!) session id should be created.
Catalyst::Plugin::Session::Store::DBI is more correct and does not
exhibit the described problem. For now I consider Session::Store::DBIC
broken.
Here's a more detailled description and discussion of the problem:
http://www.gossamer-threads.com/lists/catalyst/users/29410