[Tickets #1580] NEW: Horde SessionHandler drivers do not serialize session access

bugs at bugs.horde.org
Thu Mar 17 19:24:59 PST 2005


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=1580
-----------------------------------------------------------------------
 Ticket             | 1580
 Created By         | windhamg at email.arizona.edu
 Summary            | Horde SessionHandler drivers do not serialize session access
 Queue              | Horde Framework Packages
 State              | Unconfirmed
 Priority           | 2. Medium
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


windhamg at email.arizona.edu (2005-03-17 19:24) wrote:

None of the Horde Framework SessionHandler drivers address session
serialization.  This is problematic because many Horde application PHP
scripts (e.g., imp/mailbox.php) generate output that includes Javascript
code that results in multiple reconnects from the browser (to retrieve CSS
files, Javascript code libraries, etc).  If the original PHP script hasn't
written its session state before these subsequent accesses occur, the
session state is corrupted, due to the lack of serialized access.  This can
be visualized as two interleaved threads of execution--B starting subsequent
to A, and each accessing the same session state (x):

  A(t0)-->session_read(x)-->session_write(x)
      B(t0+delta)-->session_read(x)-->session_write(x)

In this scenario, the PHP script represented by thread A believes that it
has committed its session state, which it has, but which is subsequently
overwritten by the (earlier) session state contained in thread B. 
Therefore, the output generated by A is no longer consistent with the
session cache--resulting in "message not found" errors, and other oddities. 
Proper serialization of session access in the SessionHandler drivers would
alleviate this condition. 
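
The interleaving described in the ticket, modeled as an added example that is not part of the original ticket or of Horde's code. Python threads stand in for the two PHP requests; `SessionStore`, `run_interleaving` and the session keys are hypothetical names. Without serialization B's stale copy overwrites A's write; with a per-session lock held from read until write, both updates survive.

```python
import threading

class SessionStore:
    """Toy session backend; serialize=True holds a per-session lock from read to write."""
    def __init__(self, serialize):
        self.serialize = serialize
        self.data = {}                 # session id -> saved state
        self.locks = {}                # session id -> per-session lock
        self.guard = threading.Lock()  # protects self.locks

    def read(self, sid):
        if self.serialize:
            with self.guard:
                lock = self.locks.setdefault(sid, threading.Lock())
            lock.acquire()             # held until this request's write()
        return dict(self.data.get(sid, {}))

    def write(self, sid, state):
        self.data[sid] = dict(state)
        if self.serialize:
            self.locks[sid].release()

def run_interleaving(serialize, sid="x"):
    """Force A(read) -> B(read) -> A(write) -> B(write) where the store allows it."""
    store = SessionStore(serialize)
    a_read, b_read, a_written = (threading.Event() for _ in range(3))

    def request_a():                   # the page script, e.g. a mailbox view
        state = store.read(sid)
        a_read.set()
        b_read.wait(timeout=0.5)       # give B the chance to read before A writes
        state["msg_cache"] = "updated by A"
        store.write(sid, state)
        a_written.set()

    def request_b():                   # follow-up fetch (CSS, JS library, ...)
        a_read.wait()
        state = store.read(sid)        # blocks here until A writes, if serialized
        b_read.set()
        a_written.wait()
        state["touched_by_b"] = True
        store.write(sid, state)

    threads = [threading.Thread(target=f) for f in (request_a, request_b)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return store.data[sid]

if __name__ == "__main__":
    print("unserialized:", run_interleaving(False))
    print("serialized:  ", run_interleaving(True))
```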




