Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Race condition in setitem() of session.DiskStore #182
DiskStore.setitem() does f.open(), f.write(), f.close() of session data. Problem is, if different thread attempt to open and read the same file, while the file is already opened for f.write(). The read returns zero bytes, resulting in session data decode failure, which percolates back as a session failure.
Solution can be to instead open a temporary file, write & close the temporary file, and then rename it to the proper file. This is guaranteed atomic. That way, there's always a valid session DiskStore.
session.py, approx line 260: