Race condition in setitem() of session.DiskStore #182

pbuckner opened this Issue Sep 24, 2012 · 1 comment


None yet
2 participants

DiskStore.setitem() does f.open(), f.write(), f.close() of session data. Problem is, if different thread attempt to open and read the same file, while the file is already opened for f.write(). The read returns zero bytes, resulting in session data decode failure, which percolates back as a session failure.

Solution can be to instead open a temporary file, write & close the temporary file, and then rename it to the proper file. This is guaranteed atomic. That way, there's always a valid session DiskStore.

session.py, approx line 260:

class DiskStore(Store):
  def __setitem__(self, key, value):
    path = ...
    pickled = ...
        f = tempfile.NamedTemporaryFile(delete=False)  # use tempfile rather that path
            os.rename(f.name, path)  # update path atomically
    except IOError:

os.rename is only atomic on the same filesystem.
We should make sure that the tempfile and the destination path reside on the same disk.
see #191 for a similar solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment