[mod_python] Protecting Web apps from to many simultaneous clicks/Hacking

Gregory (Grisha) Trubetskoy grisha at modpython.org
Fri May 14 13:32:25 EDT 2004


I think Byron was referring to the classic definition of a "race condition",
which is "whoever gets there first will determine the outcome of events"
(more info here http://en.wikipedia.org/wiki/Race_condition).

I think the racing you're referring to is called an infinite loop or a
stale lock. The former is an indication of a problem with your code, and
you should see a process on your server consuming a lot of CPU time when
this happens.

The latter could happen if httpd crashed before having a chance to release
the lock. If httpd crashed, you would see something in your error logs
like 'exited on signal 11'. Another possibility (of a stale lock) is that
somehow mod_python fails to release the lock, i.e. the cleanup isn't
executing, but in my experience cleanups are 100% reliable, I've never
seen one not executing.

So I would try to work towards figuring out conclusively what the issue is,
narrowing it down to one of the possibilities I listed; from there we can
start solving the problem (or you'll solve it yourself in the process).

Grisha

On Fri, 14 May 2004, SAiello at Jentoo.com wrote:

> On Friday 14 May 2004 09:56 am, Gregory (Grisha) Trubetskoy wrote:
> > With session locking on (which would be true in the code above), once one
> > process reaches 2, no other process will be able to get past 1 until the
> > first request is over. So there is no race condition, unless I'm missing
> > something.
>
> With that 1st code sample of mine, if racing = my browser waiting forever for
> a response from the server, because my code was stuck in the while loop. Then
> I was somehow racing. I think it could have been my code though, it wasn't the
> best of examples.
>
> Since my original post, I have since updated how I manage multiple
> simultaneous sessions. If you like I can create a test script using the first
> one to test for racing to confirm that I was.
>
> Since I am not very knowledgeable on the dynamics of Apache, I can only guess
> why I was racing. But when I was clicking wildly at the mod_python page, I
> had top open on the server. Sometimes I would see an apache process marked as
> defunct. Could it be this process, incremented the session variable, then it
> went defunct, hence never decrementing the session var ?
>
> Server Specs:
>   Gentoo distribution of GNU/Linux, kernel 2.6.4
>   Apache 2.0.49 with berkdb, gdbm, & ldap compiled in.
>   mod_python 3.1.3
>
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>
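
Added example, not part of the original thread and not mod_python code: it models the question above (a worker sets a busy flag, then dies on signal 11 before decrementing it) and contrasts that with a lock the kernel releases when the process exits. The file names, function names and the use of flock() are assumptions for illustration; flock() is a stand-in here, not mod_python's session lock.

```python
import fcntl, os, signal, tempfile

def crash_mid_request(path, use_flock):
    """Fork a worker that marks the session busy, then dies on signal 11
    before any cleanup can run. Returns the signal that killed it."""
    pid = os.fork()
    if pid == 0:  # child plays the role of the request handler
        try:
            fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
            if use_flock:
                fcntl.flock(fd, fcntl.LOCK_EX)    # lock owned by the kernel
            else:
                os.write(fd, b"1")                # hand-rolled busy flag
            os.kill(os.getpid(), signal.SIGSEGV)  # crash: cleanup never runs
        finally:
            os._exit(1)                           # never fall back into caller
    _, status = os.waitpid(pid, 0)
    return os.WTERMSIG(status) if os.WIFSIGNALED(status) else 0

def next_request_blocked(path, use_flock):
    """What the next request for the same session observes after the crash."""
    fd = os.open(path, os.O_RDWR)
    try:
        if use_flock:
            try:
                fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
                return False                      # lock died with its owner
            except BlockingIOError:
                return True
        return os.read(fd, 1) == b"1"             # flag is still set: stale
    finally:
        os.close(fd)

def demo():
    """Run both variants on constructed temp files; map name -> (signal, blocked)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, use_flock in (("counter", False), ("flock", True)):
            path = os.path.join(d, name)
            sig = crash_mid_request(path, use_flock)
            results[name] = (sig, next_request_blocked(path, use_flock))
    return results

if __name__ == "__main__":
    print(demo())
```

State that the worker has to undo itself stays behind when the worker crashes, so a check for it is the place to start when narrowing down a suspected stale lock.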

