search

fastify / session

Session plugin for fastify
Other
101 stars 43 forks source link

session Duplication #253

Open bianjunjie1981 opened 3 months ago

bianjunjie1981 commented 3 months ago

Prerequisites

Fastify version

4.26.0

Plugin version

10.7.0

Node.js version

20.11.0

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

14.2.1

Description

When the client creates a session: Services are multi-process, requests are concurrent and arrive at almost the same time, and multiple seesion ids may be created.

There is a time difference between determining the need to create and the creation process.

They have a slight time difference after creation, but they can be seen as duplicates. saveUninitialized there will be this repetition whether true or false.

Link to code that reproduces the bug

No response

Expected Behavior

No response

mcollina commented 3 months ago

Thanks for reporting!

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.

bianjunjie1981 commented 3 months ago

@mcollina

Thanks for the reply.

This one doesn't seem like an easy example. Let's talk a little bit about it. Based on my experience with programming languages, the process of session read creation can be blocking, i.e., only occupied. Of course this is a bad experience and it can block requests.

It's easy to understand, if you read it and it doesn't exist and you create it, it takes time, and in that time if another request comes and the session still doesn't exist, and this request also causes the create, it will be repeated, so there should be a lock holding mechanism, or you need to identify the same client to delete the previous create, To solve the duplication caused by this time difference.

I didn't read the plugin code. If there is no such mechanism in the plugin, it is almost certain that there will be duplication from scratch, it is just a matter of probability.

The duplication caused by the concurrent time difference is not very harmful, mainly occupying storage.

I would also like to know how to specify that some routes do not participate in session activity, that is, they do not cause session creation.

s
mcollina commented 3 months ago

When a user log in from a browser, they do 1 request, not multiple at the same time: they are logging in. So only one session is created.

deepakdingka commented 1 month ago

I am also facing the same issue, when user log in from browser it's 1 request but when I check my redis store it has multiple session id's.