Putting it simply, session is not being locked for read/write or otherwise checked for modifications to prevent overwriting them.
Description, on the time line:
time: 1 - request AAA start, reads the session.
time: 2 - request BBB start, reads the session.
time: 3 - request AAA modifies the session
time: 4 - request AAA ends and writes the modified session.
time: 5 - request BBB ends and writes the UNMODIFIED session it has in it's memory, and by that
overwrites the changes request AAA did.
I got this on request that spawned another two requests (Ajax).
Keep for each session key another entry with i't checksum.
If checksum changed since the time u read the session, merge, otherwise, overwrite.
Isn't this a duplicate of #37 ?
I would like this feature too, btw...