Posted to modperl@perl.apache.org by William White <wh...@library.ucsf.edu> on 2002/01/18 22:17:05 UTC

locking bug in Apache::Session::File

I've been told this is the place to send questions related to Apache Perl 
modules.

I believe I have discovered a locking bug in Apache::Session::File.

The following code should retrieve an existing session from the file system 
and place an exclusive lock on the session file:

use Apache::Session::File;

my %session;
my $locking_args = { 'Directory'     => '/tmp/sessions_dir',
                     'LockDirectory' => '/tmp/sessions_lock_dir',
                     'Transaction'   => '1' };

# $session_id holds the ID of an existing session
tie(%session, 'Apache::Session::File', $session_id, $locking_args);

The 'locking_args' hash is used to pass parameters to the locking object 
contained by the session object.  According to the Apache::Session 
documentation any true value of "Transaction" should force the object to 
exclusively lock the session file.  Unfortunately this does not appear to 
work (at least not all the time).

Looking in the TIEHASH I think I've discovered the reason.  The session 
uses a locking object.  In this case the locking object is 
Apache::Session::Lock::File.  This object has two methods which acquire 
locks, aptly named acquire_read_lock and acquire_write_lock.  The first 
method uses flock to acquire a non-exclusive lock.  The second method uses 
flock to acquire an exclusive lock.  TIEHASH checks the value of 
'Transaction' and calls acquire_write_lock if the value is true.  It then 
calls a method named restore.  It does this regardless of the value of 
'Transaction'.  The restore method calls acquire_read_lock.  Again it does 
this without examining the value of 'Transaction'.

Now, according to the flock man page, if a process requests a lock on a file 
it already has locked, then the new lock will replace the old one.  Thus 
requesting a non-exclusive lock on a file which the process already has an 
exclusive lock for will cause the non-exclusive lock to replace the 
exclusive one.

The call to acquire_read_lock in the restore method wipes out the exclusive 
lock on the session file.  This makes it impossible to maintain 
transactional consistency with Apache::Session::File.

I was wondering if anyone else out there has run into this problem.  Is 
there a fix available?  My version of Apache::Session is 1.54 which is the 
newest version that I see on CPAN.  Is there another version out there that 
fixes this problem or should I bring this up with the author?
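
The lock conversion described in the post, replayed as an added example that is not part of the original message and is not Apache::Session code. It is written in Python because flock(2) behaves the same whichever language calls it; SessionLock, keep_exclusive, contender_gets_lock and tie_with_transaction are hypothetical names, the file path is constructed, and Linux/BSD flock semantics are assumed. The keep_exclusive switch shows one possible way to avoid the downgrade, not a fix taken from the module.

```python
import fcntl, os, tempfile

class SessionLock:
    """Simplified stand-in for the locking object described in the post (hypothetical)."""
    def __init__(self, path, keep_exclusive=False):
        self.fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
        self.keep_exclusive = keep_exclusive
        self.mode = None  # None, "read" or "write"

    def acquire_write_lock(self):
        fcntl.flock(self.fd, fcntl.LOCK_EX)
        self.mode = "write"

    def acquire_read_lock(self):
        # Hardened variant: an exclusive lock already covers reading, so skip
        # the second flock() call that would convert it to a shared lock.
        if self.keep_exclusive and self.mode == "write":
            return
        fcntl.flock(self.fd, fcntl.LOCK_SH)  # replaces any lock held via self.fd
        self.mode = "read"

    def release(self):
        fcntl.flock(self.fd, fcntl.LOCK_UN)
        os.close(self.fd)

def contender_gets_lock(path):
    """Open the file independently, as another client would, and try to lock it."""
    fd = os.open(path, os.O_RDWR)
    try:
        fcntl.flock(fd, fcntl.LOCK_SH | fcntl.LOCK_NB)
        return True
    except BlockingIOError:
        return False
    finally:
        os.close(fd)  # closing the descriptor also drops the contender's lock

def tie_with_transaction(keep_exclusive):
    """Replay the sequence from the post: write lock, then restore's read lock."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "constructed-session.lock")
        lock = SessionLock(path, keep_exclusive)
        lock.acquire_write_lock()
        before = contender_gets_lock(path)  # exclusive lock held: contender refused
        lock.acquire_read_lock()            # the call made from restore
        after = contender_gets_lock(path)   # True means exclusivity was lost
        lock.release()
        return before, after

if __name__ == "__main__":
    print("as described:", tie_with_transaction(False))
    print("hardened:    ", tie_with_transaction(True))
```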