Skip to content
Browse files

Fixed #8616 -- Fixed a race condition in the file-based session backend.

Thanks to warren@wandrsmith.net for the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8688 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 6e841ca commit 02f86a1c7c240b80c486269e3b16131a7b44d637 @malcolmt malcolmt committed
Showing with 41 additions and 8 deletions.
  1. +1 −0 AUTHORS
  2. +40 −8 django/contrib/sessions/backends/file.py
View
1 AUTHORS
@@ -363,6 +363,7 @@ answer newbie questions, and generally made Django that much better:
Ben Slavin <benjamin.slavin@gmail.com>
sloonz <simon.lipp@insa-lyon.fr>
SmileyChris <smileychris@gmail.com>
+ Warren Smith <warren@wandrsmith.net>
smurf@smurf.noris.de
Vsevolod Solovyov
sopel
View
48 django/contrib/sessions/backends/file.py
@@ -5,7 +5,9 @@
from django.conf import settings
from django.contrib.sessions.backends.base import SessionBase, CreateError
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured
+from django.core.files import locks
+IO_LOCK_SUFFIX = "_iolock"
class SessionStore(SessionBase):
"""
@@ -42,17 +44,35 @@ def _key_to_file(self, session_key=None):
return os.path.join(self.storage_path, self.file_prefix + session_key)
+ def _key_to_io_lock_file(self, session_key=None):
+ """
+ Get the I/O lock file associated with this session key.
+ """
+ return self._key_to_file(session_key) + IO_LOCK_SUFFIX
+
def load(self):
session_data = {}
try:
- session_file = open(self._key_to_file(), "rb")
+ # Open and acquire a shared lock on the I/O lock file before
+ # attempting to read the session file. This makes us wait to read
+ # the session file until another thread or process is finished
+ # writing it.
+ lock_path = self._key_to_io_lock_file()
+ io_lock_file = open(lock_path, "rb")
+ locks.lock(io_lock_file, locks.LOCK_SH)
try:
+ session_file = open(self._key_to_file(), "rb")
try:
- session_data = self.decode(session_file.read())
- except (EOFError, SuspiciousOperation):
- self.create()
+ try:
+ session_data = self.decode(session_file.read())
+ except (EOFError, SuspiciousOperation):
+ self.create()
+ finally:
+ session_file.close()
finally:
- session_file.close()
+ locks.unlock(io_lock_file)
+ io_lock_file.close()
+ os.unlink(lock_path)
except IOError:
pass
return session_data
@@ -76,11 +96,23 @@ def save(self, must_create=False):
# truncating the file to save.
session_data = self._get_session(no_load=must_create)
try:
- fd = os.open(self._key_to_file(self.session_key), flags)
+ # Open and acquire an exclusive lock on the I/O lock file before
+ # attempting to write the session file. This makes other threads
+ # or processes wait to read or write the session file until we are
+ # finished writing it.
+ lock_path = self._key_to_io_lock_file()
+ io_lock_file = open(lock_path, "wb")
+ locks.lock(io_lock_file, locks.LOCK_EX)
try:
- os.write(fd, self.encode(session_data))
+ fd = os.open(self._key_to_file(self.session_key), flags)
+ try:
+ os.write(fd, self.encode(session_data))
+ finally:
+ os.close(fd)
finally:
- os.close(fd)
+ locks.unlock(io_lock_file)
+ io_lock_file.close()
+ os.unlink(lock_path)
except OSError, e:
if must_create and e.errno == errno.EEXIST:
raise CreateError

0 comments on commit 02f86a1

Please sign in to comment.
Something went wrong with that request. Please try again.