I'm pretty sure that the global special variables for the regex are the cause of errors I'm seeing on a rails app running under jruby/tomcat. I get random incorrect responses under load, and when I run the same input through in a single threaded sample script, it generates the correct response.
The "globals" for $~ and friends are not thread-local...they are frame-local (local to a given method activation). Normally this remains on one thread, but when a proc is captured and used across threads those variables can be updated in a concurrency-unfriendly way.
While it's OK to use regexp specials across threads, net-http-digest_auth is not thread safe.
For the current release you must wrap access to it with mutual exclusion due to @nonce_count.
I may be able to add a mutex around just incrementing the nonce_count, but I will need to check the RFC first.
Ya in our case that won't work, in a single rails instance we do around 2000 outgoing http requests per second across 100 or so threads. A mutex would not only be expensive, it would probably start blocking threads. Just creating a new instance for each requests works fine, I don't care about the nonce count.
The client nonce count is now incremented in a syncronized method for…
… thread safety. Issue #2
1.2 is now thread safe. It should be fine performance-wise to use this across multiple threads as the synchronized section is small (only around +=)
(revisiting this old one...)
I think there's a subtle thread-safety problem - on line 141 ( https://github.com/drbrain/net-http-digest_auth/blob/master/lib/net/http/digest_auth.rb#L141 ) we access the instance var @nonce_count which might have already been incremented by another thread since it was fetched from next_nonce. I think this line should refer to the local var nonce_count, like in line 123.
Good catch, do you want to make a pull request?
access nonce_count in a thread-safe way
The instance var @nonce_count is read and updated only once when
starting to generate the auth header value. Further accesses to the
nonce_count value are done using the local variable.
@drbrain here it is in #12 . I added an entry in History.txt under "Upcoming". Let me know if anything else is needed or any fixes are needed. Thanks!