[mod_python] Protecting Web apps from to many simultaneous clicks/Hacking

SAiello at Jentoo.com SAiello at Jentoo.com
Fri May 14 14:36:14 EDT 2004

On Friday 14 May 2004 09:56 am, Gregory (Grisha) Trubetskoy wrote:
> With session locking on (which would be true in the code above), once one
> process reaches 2, no other process will be able to get past 1 until the
> first request is over. So there is no race condition, unless I'm missing
> something.

With that 1st code sample of mine, if racing = my broweser waiting forever for 
a response from the server, because my code was stuck in the while loop. Then 
I was somehow racing. I think it could of been my code though, it wasn't the 
best of examples. 

Since my original post, I have since updated how I manage multiple 
simultaneous sessions. If you like I can create a test script using the first 
one to test for racing to confirm that I was.

Since I am not very knowledgeable on the dynamics of Apache, I can only guess 
why I was racing. But when I was clicking wildly at the mod_python page, I 
had top open on the server. Sometimes I would see an apache process marked as 
defunct. Could it be this process, incremented the session variable, then it 
went defunct, hence never decrementing the session var ?

Server Specs:
  Gentoo distribution of GNU/Linux, kernel 2.6.4
  Apache 2.0.49 with berkdb, gdbm, & ldap compiled in.
  mod_python 3.1.3

More information about the Mod_python mailing list