Fix session crash on server rejection during startup#207
Merged
SeanTAllen merged 2 commits into main from Apr 14, 2026
Server startup rejections like max_connections exhaustion crashed through an unreachable-state panic instead of reaching the application. Root cause: the two-bucket failure taxonomy (authentication_failed vs connection_failed) didn't match how PostgreSQL actually fails — any server ErrorResponse with an unmapped SQLSTATE reached _IllegalState(). Consolidate the two callbacks into pg_session_connection_failed, expand ConnectionFailureReason with SQLSTATE-specific variants, and centralize the mapping so no server error can reach _IllegalState() again. Fire pg_session_shutdown after every connection_failed so the "session torn down" signal is consistent across all failure phases. Closes #203
Server startup rejections like `max_connections` exhaustion previously crashed the process through an unreachable-state panic instead of reaching the application. Root cause: the two-bucket failure taxonomy (`pg_session_authentication_failed` vs `pg_session_connection_failed`) didn't match how PostgreSQL actually fails — any server `ErrorResponse` with an unmapped SQLSTATE reached `_IllegalState()`.

This PR consolidates the two callbacks into `pg_session_connection_failed`, expands `ConnectionFailureReason` with SQLSTATE-specific variants, and centralizes SQLSTATE → variant mapping in `_ConnectionFailureReasonFromError` so no server error can reach `_IllegalState()` again. `pg_session_shutdown` now fires after every `pg_session_connection_failed` so consumers see a consistent "session torn down" signal regardless of which phase failed.

Design: comment on #203. Follow-up issues for pre-existing silent-failure paths discovered during review: #204 (SCRAM signature verification bypass), #205 (parser malformed-ErrorResponse silent shutdown), #206 (SSL-negotiation junk-byte silent shutdown).
Breaking API change for a beta library — migration notes are in the release notes.
Closes #203
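An added illustration (Python, not the library's own Pony code) of the handling the description above argues for: decode a PostgreSQL `ErrorResponse`, map its SQLSTATE through a total function onto a closed set of reasons so nothing can fall through to an "unreachable" path, fire the failure callback before the shutdown signal, and surface a malformed message as an explicit error rather than a silent shutdown. The variant names, the `handle_startup_error` callback sequence and the sample message are assumptions made for this example, not identifiers from the library.

```python
import struct
from enum import Enum, auto

class ConnectionFailureReason(Enum):
    """Closed set of reasons (hypothetical variant names, not the library's)."""
    TOO_MANY_CONNECTIONS = auto()   # SQLSTATE 53300
    INVALID_AUTHORIZATION = auto()  # SQLSTATE 28000
    INVALID_PASSWORD = auto()       # SQLSTATE 28P01
    UNKNOWN_DATABASE = auto()       # SQLSTATE 3D000
    SERVER_NOT_ACCEPTING = auto()   # SQLSTATE 57P03
    UNMAPPED_SERVER_ERROR = auto()  # every other (or missing) SQLSTATE

_SQLSTATE_TO_REASON = {
    "53300": ConnectionFailureReason.TOO_MANY_CONNECTIONS,
    "28000": ConnectionFailureReason.INVALID_AUTHORIZATION,
    "28P01": ConnectionFailureReason.INVALID_PASSWORD,
    "3D000": ConnectionFailureReason.UNKNOWN_DATABASE,
    "57P03": ConnectionFailureReason.SERVER_NOT_ACCEPTING,
}

def parse_error_response(msg: bytes) -> dict:
    """Decode ErrorResponse: 'E', Int32 length (counting itself), then
    tag-byte + NUL-terminated string fields, ended by a single NUL.
    Malformed input raises ValueError instead of being swallowed."""
    if len(msg) < 6 or msg[:1] != b"E":
        raise ValueError("not an ErrorResponse")
    (length,) = struct.unpack("!I", msg[1:5])
    if length != len(msg) - 1:
        raise ValueError("length field does not match message size")
    fields, body, pos = {}, msg[5:], 0
    while pos < len(body) and body[pos] != 0:
        end = body.index(b"\x00", pos + 1)   # ValueError if unterminated
        fields[chr(body[pos])] = body[pos + 1:end].decode("utf-8", "replace")
        pos = end + 1
    return fields

def reason_from_error(fields: dict) -> ConnectionFailureReason:
    """Total mapping: an unknown SQLSTATE yields a catch-all, never a panic."""
    return _SQLSTATE_TO_REASON.get(fields.get("C", ""),
                                   ConnectionFailureReason.UNMAPPED_SERVER_ERROR)

def handle_startup_error(msg: bytes) -> list:
    """Callbacks a session fires, in order, for any server rejection."""
    reason = reason_from_error(parse_error_response(msg))
    return [("connection_failed", reason), ("shutdown", None)]

def build_error_response(fields: dict) -> bytes:
    """Encode an ErrorResponse; used here only to construct sample input."""
    body = b"".join(k.encode() + v.encode() + b"\x00" for k, v in fields.items()) + b"\x00"
    return b"E" + struct.pack("!I", 4 + len(body)) + body

# Constructed sample: a server refusing a session because max_connections is exhausted.
TOO_MANY_CLIENTS = build_error_response(
    {"S": "FATAL", "V": "FATAL", "C": "53300", "M": "sorry, too many clients already"})
```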