Subject: Race condition in CGI::Session::File::store
If two writers manage to call sysopen() successfully before either of them flock()s the session file, they end up overwriting each other's session values in the file. The problem occurs when the first writer's session object is longer than the second's. If that happens, since the second writer doesn't truncate() the file *again* after the flock() is acquired, you end up with trailing garbage in the session file.

Adding:

    truncate(FH, 0);

... after the flock() and before the:

    print FH $self->freeze($data);

... should be enough to fix the problem.

This occurs at least on 2.4 Linux with Perl 5.8.3. Reproduction is a real PITA, but we were able to do it by hacking the File driver to sleep for 2 seconds between file open and flock() and then having each writer write to a unique byte in the file. When we were finished, both writers' bytes were written.
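The interleaving described in this report can be replayed deterministically in a single process, without the sleep hack, by opening the session file twice before either handle takes the lock. This is an added example, not part of the original report and not CGI::Session's own code; the function names and the sample session strings are constructed for illustration, and the open flags (O_TRUNC at open time) are an assumption based on the report's description.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempfile);

# Open as the report describes: the file is truncated at open time,
# before any lock is held (flags assumed from the report's description).
sub open_session {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC, 0600)
        or die "sysopen $path: $!";
    return $fh;
}

# Take the lock, optionally truncate again under the lock (the proposed
# fix), write the data, then close, which flushes and releases the lock.
sub store {
    my ($fh, $data, $truncate_after_lock) = @_;
    flock($fh, LOCK_EX) or die "flock: $!";
    if ($truncate_after_lock) {
        truncate($fh, 0) or die "truncate: $!";
    }
    print {$fh} $data or die "print: $!";
    close($fh) or die "close: $!";
}

# Replay the racy order: both writers open, then each locks and writes.
sub run_interleaving {
    my ($truncate_after_lock) = @_;
    my (undef, $path) = tempfile(UNLINK => 1);
    my $first  = open_session($path);   # writer 1 opens (and truncates)
    my $second = open_session($path);   # writer 2 opens before writer 1 locks
    # Constructed sample data; the real driver writes a frozen session.
    store($first,  'user=alice;cart=3 items;theme=dark', $truncate_after_lock);
    store($second, 'user=bob',                           $truncate_after_lock);
    open(my $in, '<', $path) or die "open $path: $!";
    local $/;                            # slurp the whole file
    my $content = <$in>;
    close($in);
    return $content;
}

printf "without truncate after flock: %s\n", run_interleaving(0);
printf "with truncate after flock:    %s\n", run_interleaving(1);
```

In the first run the shorter second write lands at offset 0 of a file that still holds the first writer's longer data, so the tail of the first session survives; in the second run the truncate under the lock discards it before the write.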