You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by William White <wh...@library.ucsf.edu> on 2002/01/18 22:17:05 UTC
locking bug in Apache::Session::File
I've been told this is the place to send questions related to apache perl
modules.
I believe I have discovered a locking bug in Apache::Session::File.
The following code should retrieve an existing session from the file system
and place an exclusive lock on the session file:
my $locking_args = { 'Directory' => '/tmp/sessions_dir',
'LockDirectory' => '/tmp/sessions_lock_dir',
'Transaction' => '1' };
tie(%session, 'Apache::Session::File', $session_id, $locking_args);
The 'locking_args' hash is used to pass parameters to the locking object
contained by the session object. According to the Apache::Session
documentation any true value of "Transaction" should force the object to
exclusively lock the session file. Unfortunately this does not appear to
work (at least not all the time).
Looking in the TIEHASH I think I've discovered the reason. The session
uses a locking object. In this case the locking object is
Apache::Session::Lock::File. This object has two methods which acquire
locks, aptly named acquire_read_lock and acquire_write_lock. The first
method uses flock to acquire a non-exclusive lock. The second method uses
flock to acquire an exclusive lock. TIEHASH checks the value of
'Transaction' and calls acquire_write_lock if the value is true. It then
calls a method named restore. It does this regardless of the value of
'Transaction'. The restore method calls acquire_read_lock. Again it does
this without examining the value of 'Transaction'.
Now according to the flock man page if a process requests a lock on a file
it already has locked, then the new lock will replace the old one. Thus
requesting a non-exclusive lock on file which the process already has an
exclusive lock for will cause the non-exclusive lock to replace the
exclusive one.
The call to acquire_read_lock in the restore method wipes out the exclusive
lock on the session file. This makes it impossible to maintain
transactional consistency with Apache::Session::File.
I was wondering if anyone else out there has run into this problem. Is
there a fix available? My version of Apache::Session is 1.54 which is the
newest version that I see on CPAN. Is there another version out there that
fixes this problem or should I bring this up with the author?