By Harry Fuecks

Race Conditions, AJAX and Sessions

By Harry Fuecks
Last chance to win! You'll get a... FREE 6-Month Subscription to SitePoint Premium Plus you'll go in the draw to WIN a new Macbook SitePoint 2017 Survey Yes, let's Do this It only takes 5 min

Via Jeff’s bookmarks, Race Conditions with Ajax and PHP Sessions by Andy “thwarted” Bakun is an outstanding anaylsis of a problem that’s come up before on this blog here.

In fact the title is almost misleading – the first half looks at “parallel processing” in Javascript with some valuable insight – i.e. you want to read this even if you’re not using PHP.

The second half explores building a custom PHP session handler (PHP’s default session handler does not suffer from race conditions but can become problematic the moment you start handling serious traffic), leading up to a very cunning strategy that allows you to lock a single session variable (rather than the entire session) via overloading the $_SESSION variable using SPL – effectively an alternative to using session_set_save_handler() – let’s hope this becomes recognised as a feature that needs supporting.

And it’s refresshing it is to see something like this in PHP-related content…

the built-in [PHP] session handler uses the flock(2) system call […] This can be verified by using strace to list all the system calls being made by a process. Here’s the important bit:

open("/var/lib/php/session/sess_XXXXXXXXXXXXXXXXXXXXXXXXXX", O_RDWR|O_CREAT, 0600) = 18
flock(18, LOCK_EX)                      = 0
fcntl64(18, F_SETFD, FD_CLOEXEC)        = 0
fstat64(18, {st_mode=S_IFREG|0600, st_size=11, ...}) = 0
pread64(18, "count|i:17;", 11, 0)       = 11
. . . .
pwrite64(18, "count|i:18;", 11, 0)      = 11
close(18)                               = 0

Side note – find myself agreeing with much of Andy’s Problems with PHP – much closer to the mark than the sort of gripes you typically find on the PHP sucks web ring.

Login or Create Account to Comment
Login Create Account
Get the most important and interesting stories in tech. Straight to your inbox, daily.Is it good?