Race condition in Flask session data
It is possible for race conditions to occur in loading and saving the Flask session data, causing data loss.
A solution would be to use an extension to store the session data in a centralized place, instead of client side. The best option IMO is flasksession
with the Redis backend.
This also solves another issue that the session data is not accessible in Celery workers, as the SECRET_KEY
that is issued to encrypt the session data is random for each instance of a Flask app (Celery workers have their own Flask app instance).
!362 (merged)
Extra description fromAfter some investigation I found that there is a race condition. It happens more often with the mock server as the request is quicker.
As you open a page, the following happens:
-
GET url/to/view
GET api/oauth/start?userurl=/url/to/view
GET api/oauth/grader
Both calls to api/oauth/start
and api/oauth/grader
are emitted at the same moment, originating from the componentDidMount
of the Login
and NavBar
components respectively. Both requests load the same session data from the request at the same time, but the request that finishes last overwrites the session data from the other. This means that if api/oauth/grader
finishes later, the session data gets overwritten with unaltered data, undoing the effects of api/oauth/start
.