I'm using CGI::Session (with the 'File' driver) within an AJAX-y, access controlled website. The user's session includes a flag indicating whether they are logged in, and other data relating to the state of the application.

As the user browses the site, it's quite common for any given AJAX request to take a while to complete (let's say, up to 10 seconds), whilst the user views the usual 'spinner' icon. The following scenario is therefore not unlikely:

Each of the requests above updates completely different params in the user's session. Let's say the AJAX request calculates a total, and adds that to the session as 'total=1234' when done. The logout request sets the separate param 'logged_in=0'. There is therefore no conflict between the params being set, but the (surprising) problem I am experiencing is as follows:

The session data written by the logout request (setting the "logged_in" flag to false) will get completely overwritten a few seconds later when the previous request finishes running. This means that the user finds themselves viewing the logout page, but is still 'really' logged in.

Looking through the CGI::Session code, it's obvious why this is happening: each session write (via $session->flush) overwrites the session as a whole with whatever data exists within that request's session object, rather than only updating the data changed by that specific request.

Assuming each request is free to update session data at any point, this means that the state of the session following two concurrent requests is likely to be determined by the one that finishes running last - and NOT the one issued last. Any requests issued in the meantime but completing earlier are from a session perspective erased from history.

I'd be interested to know if any Monks have encountered a similar situation, and would welcome any suggestions for how to best address the problem case stated above. Is there a way to persuade CGI::Session to behave differently?

Thanks all!

Update: Removed reference to $session->write.
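
The lost update described in the post above, reproduced deterministically and set beside a locked read-merge-write, as an added example that is not part of the original post and is not CGI::Session's own code. The session file, the helper names (`save_whole`, `save_merged`, `run_scenario`) and the Storable on-disk format are assumptions made for illustration; only core Perl modules are used.

```perl
#!/usr/bin/perl
# Added example: constructed simulation, not CGI::Session internals.
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempdir);
use Storable qw(nstore retrieve);

my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/sess_constructed";    # constructed session file

# Whole-session write: the behaviour the post attributes to flush().
# Whatever snapshot this request holds replaces the file completely.
sub save_whole { my ($snapshot) = @_; nstore($snapshot, $file) }

# Hardened write: take an exclusive lock, re-read the state on disk,
# apply only the keys this request changed, then write back.
sub save_merged {
    my ($changes) = @_;
    open(my $lock, '>>', "$file.lock") or die "lock: $!";
    flock($lock, LOCK_EX) or die "flock: $!";
    my $current = -e $file ? retrieve($file) : {};
    $current->{$_} = $changes->{$_} for keys %$changes;
    nstore($current, $file);
    close($lock);                      # closing the handle releases the lock
    return $current;
}

# Replays the ordering from the post: both requests load the session,
# logout finishes first, the slow AJAX request finishes last.
sub run_scenario {
    my ($save) = @_;                   # called as $save->(\%snapshot, \%changes)
    nstore({ logged_in => 1 }, $file);
    my $slow   = retrieve($file);      # slow AJAX request loads its copy
    my $logout = retrieve($file);      # logout request loads its copy
    $logout->{logged_in} = 0;
    $save->($logout, { logged_in => 0 });
    $slow->{total} = 1234;             # stale copy still has logged_in => 1
    $save->($slow, { total => 1234 });
    return retrieve($file);
}

my $whole  = run_scenario(sub { save_whole($_[0]) });
my $merged = run_scenario(sub { save_merged($_[1]) });
printf "whole-session write: logged_in=%s total=%s\n", @{$whole}{qw(logged_in total)};
printf "locked merge write:  logged_in=%s total=%s\n", @{$merged}{qw(logged_in total)};
```

The simulation runs in one process to make the ordering repeatable; with real concurrent CGI processes the exclusive lock is what keeps the re-read and the write atomic with respect to each other.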


In reply to Concurrent requests on the same CGI::Session by webdeveloper
