How to Treat Race Condition of Session in Web Application?

Posted by Morgan Cheng on Stack Overflow See other posts from Stack Overflow or by Morgan Cheng
Published on 2010-04-03T13:45:56Z Indexed on 2010/04/03 13:53 UTC
Read the original article Hit count: 242

Filed under:

session

|

consistency

|

lock

|

ASP.NET

I was in a ASP.NET application has heavy traffic of AJAX requests.

Once a user login our web application, a session is created to store information of this user's state. Currently, our solution to keep session data consistent is quite simple and brutal: each request needs to acquire a exclusive lock before being processed.

This works fine for tradition web application. But, when the web application turns to support AJAX, it turns to not efficient. It is quite possible that multiple AJAX requests are sent to server at the same time without reloading the web page. If all AJAX requests are serialized by the exclusive lock, the response is not so quick. Anyway, many AJAX requests that doesn't access same session variables are blocked as well.

If we don't have a exclusive lock for each requests, then we need to treat all race condition carefully to avoid dead lock. I'm afraid that would make the code complex and buggy.

So, is there any best practice to keep session data consistent and keep code simple and clean?

© Stack Overflow or respective owner

Related posts about session

any clue in these logs why keyboard audio and internet are messed up

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Jun 7 00:01:18 Isis lightdm: pam_unix(lightdm-autologin:session): session opened for user mimi by (uid=0) Jun 7 00:01:18 Isis lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0 Jun 7 00:01:26 Isis polkitd(authority=local): Registered Authentication Agent for… >>> More
session variables lost between pages or use same variables

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Yesterday I learn many thing from you, especially from Marc and my problem was solved ( session variables lost between pages or use same variables ). But now I continue asking: I don't want to use Session ID(session.use_trans_sid = 1) between pages. But also I don't want to use same session… >>> More
WTSQuerySessionInformation returning empty strings

as seen on Stack Overflow - Search for 'Stack Overflow'
I've written a program which should query the Terminal Services API and print out some state information about the sessions running on a terminal services box. I'm using the WTSQuerySessionInformation function to do this and it's returning some data but most of the data seems to be missing... Does… >>> More
Can I set Session timeout for a specified Session variable differently than other Session Variables

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to set the timeout on a specific Session Variable in a .Net web application, but leave other Session variables alone. Is this possible? Example: I have 5 Session Variables Session(var1) Session(var2) Session(var3) Session(var4) Session(var5) I want to set it so that Session(var1) through… >>> More
PHP upgrade to 5.3 from 5.2, sessions no longer get stored

as seen on Server Fault - Search for 'Server Fault'
background link: http://stackoverflow.com/questions/7014945/php-upgrade-5-2-to-5-3-session-issue I have upgraded PHP on my 2008 std server from PHP 5.2 to PHP 5.3. Following the upgrade, sessions no longer work correctly. I have copied over the settings from my PHP.ini files which are applicable… >>> More

Related posts about consistency

Architectural Layers and Tips on how to Achieve Architecture Consistency

as seen on Internet.com - Search for 'Internet.com'
Architectural roles can make a project great or set you back to the drawing board. Read on to discover the many architectural roles in your project life cycle and how to achieve consistency throughout. >>> More
Read Consistency & Deadlines: More control of your Datastore

as seen on Google Code - Search for 'Google Code'
Last week we announced the 1.3.2 release of the App Engine SDK. We’re particularly excited about two new datastore features: eventually consistent reads, and datastore deadlines. Read Consistency... >>> More
Why do I bother with RAID 10 ?

as seen on SQL Blogcasts - Search for 'SQL Blogcasts'
Before I post anything I just want to clarify what I mean by RAID 10 , this is sets of mirrored pairs that have been striped as against a RAID 0 which has been mirrored. I've just had a disk failure in the data array for one of my dev servers, it's an eight disk raid 8, no real worries, replace… >>> More
Differences in documentation for sys.dm_exec_requests

as seen on SQL Blog - Search for 'SQL Blog'
I've already complained about this on Connect ( see #641790 ), but I just wanted to point out that if you're trying to make sense of the sys.dm_exec_requests document and what it lists as the commands supported by the percent_complete column, you should check which version of the documentation you're… >>> More
Differences in documentation for sys.dm_exec_requests

as seen on SQL Blog - Search for 'SQL Blog'
I've already complained about this on Connect ( see #641790 ), but I just wanted to point out that if you're trying to make sense of the sys.dm_exec_requests document and what it lists as the commands supported by the percent_complete column, you should check which version of the documentation you're… >>> More