[development] Threading problems?
dan at drob.org
Fri Sep 26 05:28:34 UTC 2008
I'm seeing a difficult to understand error that looks like a threading
1. Takes data from an anonymous user (node add).
2. Creates a filename based on an md5 of a secret, the endusers email,
3. Saves data to the file
4. Sends an email to user with a link to the file created
5. Displays a "complete" page that has the link to the file.
Operations 2 and 3 happen within a single procedure
The filename is determined thusly:
$filename = md5($conf['myapp_secret_salt'] +
$form_state['values']['Qualifyers']['Email'] + time());
Then I prepare data and write the file, then stash the filename in
$_SESSION (for use later)
$_SESSION['myapp']['filename'] = $filename;
$_SESSION['myapp']['UserRegFormUrl'] = $params['filenameurl'];
setcookie('myapp:filename', $filename); // this is somewhat of a
hack to trap errors - see below.
$form_state['values']['AdditionalQs']['Email'], NULL, $params, NULL, TRUE);
myapp_mail receives the filename from $params above, prepares and sends
an email with a link to the file to the end-user.
In step 1 above in the form I:
$form['#redirect'] = 'registration/complete';
The node at registration/complete has some php in it that fetches the
global variables (with the filename) and outputs a link to the file in
So that is the whole process. The problem I'm having is that some users
are being pointed to files that belong to other users. I believe this
is happening both in the email as well as on the registration/complete
form. Some people have reported receiving links to files that were for
another user. Also I put some trap code in the registration/complete
form. The form fetches the filename from $_SESSION and compares it to
the filename in the cookie - if they don't match it errors. That code
is being tripped.
I looked at recent occurrence of the error and the two nodes involved
(one for each of the users) had exactly the same time created timestamp.
My assumptions have been:
- Anonymous sessions are tied to a particular connection and data in
$_SESSION is not shared.
- PHP procedures are threadsafe
I'm running PHP 5 on Red Hat.
What am I doing wrong?
More information about the development