DiskStore.setitem() does f.open(), f.write(), f.close() of session data. Problem is, if different thread attempt to open and read the same file, while the file is already opened for f.write(). The read returns zero bytes, resulting in session data decode failure, which percolates back as a session failure.
Solution can be to instead open a temporary file, write & close the temporary file, and then rename it to the proper file. This is guaranteed atomic. That way, there's always a valid session DiskStore.
session.py, approx line 260:
def __setitem__(self, key, value):
path = ...
pickled = ...
f = tempfile.NamedTemporaryFile(delete=False) # use tempfile rather that path
os.rename(f.name, path) # update path atomically
os.rename is only atomic on the same filesystem.
We should make sure that the tempfile and the destination path reside on the same disk.
see #191 for a similar solution.