Django sessions are not threadsafe

http://code.djangoproject.com/browser/django/trunk/django/contrib/sessions/models.py#L26

30 # FIXME: There is a *small* chance of collision here, meaning we will
31 # return an existing object. That can be fixed when we add a way to
32 # validate (and guarantee) that non-auto primary keys are unique. For
33 # now, we save immediately in order to reduce the “window of
34 # misfortune” as much as possible.

Well that’s annoying.

Someone pointed out to me that they had what sounded like concurrency problems with session IDs in Django. Turns out the session code isn’t threadsafe under heavy load. Argh.

There’s a patch available that seems to resolve the issues, but I haven’t tested it myself yet.

Patch available here: http://code.djangoproject.com/ticket/3716


About this entry