search

AArhin / memcached-session-manager

Automatically exported from code.google.com/p/memcached-session-manager
0 stars 0 forks source link

Nonsticky-session support: Prevent concurrent session modification #71

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
For nonsticky-sessions concurrent modification of sessions would need to be 
handled, e.g. with some kind of locking: Each request loading a session from 
memcached would lock it until the end of the request. A request asking for the 
session would wait until it could aquire a lock. Locking sessions/requests 
could be restricted to PUT/POST/DELETE requests optionally.

Original issue reported on code.google.com by martin.grotzke on 30 Dec 2010 at 2:32

GoogleCodeExporter commented 9 years ago 
For applications that do not have concurrent requests modifying the session (or 
assume they don't have) at least some optimistic locking (e.g. using gets + 
cas) would be an option.

Original comment by martin.grotzke on 1 Jan 2011 at 1:27

GoogleCodeExporter commented 9 years ago 
Emulating pessimistic locking with the add command: 
http://code.google.com/p/memcached/wiki/FAQ#Emulating_locking_with_the_add_comma
nd

Original comment by martin.grotzke on 1 Jan 2011 at 1:32

GoogleCodeExporter commented 9 years ago 
This could also be made a little bit more intelligent: before the session is 
updated in memcached it's checked for modifications. If there are request 
patterns that access the session but don't modify it those requests could be 
served without session locking.

Original comment by martin.grotzke on 3 Jan 2011 at 12:14

GoogleCodeExporter commented 9 years ago 
Just implemented/pushed pessimistic session locking (aquire lock on session 
access, release at the end of the request).

Changeset: https://github.com/magro/memcached-session-manager/commit/db8afac4

Original comment by martin.grotzke on 3 Jan 2011 at 12:46

GoogleCodeExporter commented 9 years ago 
Added readonly request detection / locking mode AUTO (tested by 
NonStickySessionsIntegrationTest.testReadOnlyRequestsDontLockSession):
https://github.com/magro/memcached-session-manager/commit/f57c219

Original comment by martin.grotzke on 7 Jan 2011 at 1:14

GoogleCodeExporter commented 9 years ago 
Pattern based locking has been implemented with commit efa1983c: a regular 
expression is compared with the requestURI+queryString and the session is 
locked if they match.

Original comment by martin.grotzke on 26 Jan 2011 at 10:25

GoogleCodeExporter commented 9 years ago 
Fixed for inclusion in 1.4.0 release.

These locking strategies will be available:
- none: no locking at all (default)
- all: when a session is loaded as requested by the application it's locked 
until the end of the request/storage in memcached
- auto: requests that access the session readonly are auto detected and for 
further requests locking is skipped, for requests that modify the session a 
lock is aquired. the key is the requestURI+queryString
- uriPattern: a regular expression is compared with the requestURI+queryString 
and the session is locked if they match (in the configuration specified as 
uriPattern:<regexp>)

Original comment by martin.grotzke on 26 Jan 2011 at 10:28

GoogleCodeExporter commented 9 years ago

Original comment by martin.grotzke on 27 Jan 2011 at 10:34