session Duplication

[bianjunjie1981]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.26.0

Plugin version

10.7.0

Node.js version

20.11.0

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

14.2.1

Description

When the client creates a session:
Services are multi-process, requests are concurrent and arrive at almost the same time, and multiple seesion ids may be created.

There is a time difference between determining the need to create and the creation process.

They have a slight time difference after creation, but they can be seen as duplicates. saveUninitialized there will be this repetition whether true or false.

Link to code that reproduces the bug

No response

Expected Behavior

No response

[mcollina]

Thanks for reporting!

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.

[bianjunjie1981]

@mcollina

Thanks for the reply.

This one doesn't seem like an easy example. Let's talk a little bit about it.
Based on my experience with programming languages, the process of session read creation can be blocking, i.e., only occupied. Of course this is a bad experience and it can block requests.

It's easy to understand, if you read it and it doesn't exist and you create it, it takes time, and in that time if another request comes and the session still doesn't exist, and this request also causes the create, it will be repeated, so there should be a lock holding mechanism, or you need to identify the same client to delete the previous create, To solve the duplication caused by this time difference.

I didn't read the plugin code. If there is no such mechanism in the plugin, it is almost certain that there will be duplication from scratch, it is just a matter of probability.

The duplication caused by the concurrent time difference is not very harmful, mainly occupying storage.

I would also like to know how to specify that some routes do not participate in session activity, that is, they do not cause session creation.

[mcollina]

When a user log in from a browser, they do 1 request, not multiple at the same time: they are logging in. So only one session is created.

[deepakdingka]

I am also facing the same issue, when user log in from browser it's 1 request but when I check my redis store it has multiple session id's.

[deepakdingka]

@bianjunjie1981 did you figure out any work around for this? I am still facing this issue.

[bianjunjie1981]

@deepakdingka @mcollina

I didn't solve the problem.

I use session to store the login state, the user id, because the page is driven by multiple data interfaces, which are plugged in different processes, each of which detects the login state, and in fact most pages today do the same. These data interfaces are sent almost in parallel and arrive at the server almost identically.

If the client runs for the first time, at this time the client does not have a cookie, there is no session id, they must create and generate a session id, and write to the database, the session id left by the client should be the last one returned to the client.
So what I'm doing here is creating a redundant store of session ids for the first time, but without errors.

And I'm not using it for reading and writing that has that sort of sequential competition, which would be a mistake, because there's a sequential speed problem and no lock is almost certainly a mistake.

[mcollina]

It really seems a problem in the design of your application, or maybe this module is really not what you are looking for.

To provide better guidance, I would need a https://stackoverflow.com/help/minimal-reproducible-example.