|Subject:||Apache::Session::Lock::Flock unlocks transactional sessions!|
On Solaris and Linux (and probably everywhere with flock) getting a Read lock when a Write lock is being held downgrades the write lock to a read lock. Apache::Session gets a write lock when it ties the session hash (if the Transaction option is used) then when the restore happens it unconditionally acquires a read lock. This downgrades the lock and basically removes the transaction-ness... My handler differentiates page requests to the main pages that change the state from page requests to ancillary objects (images, incudes, etc.). The main pages get the state with Transaction set (to block subsequent requests) and the ancillary requests don't. However all requests (used to) update the session object with the last access time so we can time out stale sessions and force re-authentication. So imagine this scenario with requests W and R to the same session: 1 Request W which will change the session state 2 W ties the session with Transaction set 3 W gets the session starts processing 4 Request R comes in which won't write anything important to state 5 R ties the session without Transaction set 6 R gets the session and starts processing 7 W finishes processing and writes out 8 R finishes processing and writes out Now the final state will not reflect W's changes! This is not a hypothetical scenario, it has been happening to us. It was tough one to track down.