[Catalyst] Session handling under heavy usage

Perrin Harkins perrin at elem.com
Wed Mar 22 19:57:31 CET 2006 

On Wed, 2006-03-22 at 10:42 -0800, apv wrote:
> 
> 
> ______________________________________________________________________
> 
> On Wednesday, March 22, 2006, at 10:30  AM, Yuval Kogman wrote:
>         The probability that two simultanous requests will both want
>         to
>         *write* to the session data is low, so that's why this locking
>         crap
>         hasn't been done yet (it's slow and hard).
> 
> Oh... that is not so good and comes as a bit of a shock to hear you
> say it
> since I've been admiring your work on Catalyst for a long time. The
> probability
> of race conditions in any kind of read/write system is very low but
> since
> it absolutely will happen given enough time, locking is mandatory for
> anything that could be considered professional. Or else it should have
> a big note in the BUGS which says:
> 
> "May infrequently drop, erase, or corrupt your session data at
> seemingly
> random, and impossible to predict intervals."

I think you're overestimating the problem a bit.  In most uses of
session data, a "last save wins" approach is fine, and exclusive locks
are not needed.  You didn't say how you store the sessions, but
Cache::FastMmap will never let your data get corrupted, and would only
drop or erase a session if you ran out of room in the disk space you
allocated for it.  The only thing that can happen here is that an update
could get lost if two updates overlap.

Fixing the lost update problem does require exclusive locks.  Be careful
what you wish for though.  The locking in Apache::Session has caused
many problems for people over the years.

Usually, when you have a situation that seems to call for exclusive
locking on sessions, you should be using a normal database table for
that information instead.  The concurrency and locking models for
databases are mature and well understood, and are much safer and more
efficient than trying to do exclusive locks at a session level.

If you really want sessions with exclusive locking, both Apache::Session
(which has nothing to do with Apache) and CGI::Session (which has
nothing to do with CGI) have it and will work fine with Catalyst.

- Perrin

More information about the Catalyst mailing list