Skip to main content

Race Conditions, AJAX and Sessions

By Harry Fuecks

Programming

Share:

😳 Ever felt a little embarassed sharing your JavaScript? Let's fix it.

Via Jeff’s bookmarks, Race Conditions with Ajax and PHP Sessions by Andy “thwarted” Bakun is an outstanding anaylsis of a problem that’s come up before on this blog here.

In fact the title is almost misleading – the first half looks at “parallel processing” in Javascript with some valuable insight – i.e. you want to read this even if you’re not using PHP.

The second half explores building a custom PHP session handler (PHP’s default session handler does not suffer from race conditions but can become problematic the moment you start handling serious traffic), leading up to a very cunning strategy that allows you to lock a single session variable (rather than the entire session) via overloading the $_SESSION variable using SPL – effectively an alternative to using session_set_save_handler() – let’s hope this becomes recognised as a feature that needs supporting.

And it’s refresshing it is to see something like this in PHP-related content…

the built-in [PHP] session handler uses the flock(2) system call […] This can be verified by using strace to list all the system calls being made by a process. Here’s the important bit:

open("/var/lib/php/session/sess_XXXXXXXXXXXXXXXXXXXXXXXXXX", O_RDWR|O_CREAT, 0600) = 18
flock(18, LOCK_EX)                      = 0
fcntl64(18, F_SETFD, FD_CLOEXEC)        = 0
fstat64(18, {st_mode=S_IFREG|0600, st_size=11, ...}) = 0
pread64(18, "count|i:17;", 11, 0)       = 11
. . . .
pwrite64(18, "count|i:18;", 11, 0)      = 11
close(18)                               = 0

Side note – find myself agreeing with much of Andy’s Problems with PHP – much closer to the mark than the sort of gripes you typically find on the PHP sucks web ring.

Harry Fuecks is the Engineering Project Lead at Tamedia and formerly the Head of Engineering at Squirro. He is a data-driven facilitator, leader, coach and specializes in line management, hiring software engineers, analytics, mobile, and marketing. Harry also enjoys writing and you can read his articles on SitePoint and Medium.