[Catalyst] Race condition in Catalyst::Plugin::Session and Catalyst::Engine::Apache (possibly other engines too)

Matt S Trout dbix-class at trout.me.uk
Wed Sep 24 17:05:14 BST 2008

On Wed, Sep 10, 2008 at 06:59:21PM -0400, Sergio Salvi wrote:
> There is a race condition in C::P::Session when using
> C::Engine::Apache (and probably other engines too):
> I have a simple controller action (let's call it /save) that gets data
> submitted from an HTML form via POST, process that request, stores
> some stuff in the session and flash and then redirects with HTTP 303
> to another action (/display).
> The /display action then displays the regular "submit successful"
> message that was set on the previous action by using $c->flash. The
> problem is that the browser is GETting /display before /save is
> finished storing the session and flash rows in the database. Then, of
> course, /display thinks nothing has happened and doesn't display the
> data from flash.
> After a bunch of debugging and stack traces :), I figured out the
> problem is that C::P::Session's finalize() calls $c->NEXT::finalize()
> before calling $c->finalize_session, so
> C::Engine::Apache->finalize_body() gets executed *before* the session
> is flushed in the database, making the browser access /display even
> though the session may not be stored yet:

This was changed by Bill Moseley in order to fix a bunch of other bugs.

Have a look at the ChangeLog - maybe we could provide an option to reverse
the order or find another approach?

      Matt S Trout       Need help with your Catalyst or DBIx::Class project?
   Technical Director                    http://www.shadowcat.co.uk/catalyst/
 Shadowcat Systems Ltd.  Want a managed development or deployment platform?
http://chainsawblues.vox.com/            http://www.shadowcat.co.uk/servers/

More information about the Catalyst mailing list