[5.1] Concurrent requests wiping out the session #14385
Comments
|
Though this likely should be fixed, I suggest using Redis or Memcache driver if possible. As mentioned in other issues, there may be some file corruption going on when 4-5 things are trying to read/write the same file on the disk. |
|
The only true way to fix this is to not allow concurrent requests, since how do you know which request actually has the session data you want. A way to achieve this could be by making yourself a locking middleware. I've implemented on that only uses redis as a lock server. |
|
It only locks for "non-safe" requests, but could be modified to lock all requests per IP. |
|
What about a delay? Something like occ? |
|
Sorry about not noticing this issue earlier - @GrahamCampbell could you perhaps have a look at my description for #18187? This issue was referenced, but I'm thinking the issue is q bit different. Thanks! |
|
Am I correct that this issue (multiple concurrent requests will overwrite the session and thus cause token mismatches or unauthorized access errors) still exists in Laravel 5.7? And that using Redis or Cookies for session storage won't help since the session will still be non-atomically updated on requests? |
|
I don’t think it’ll be solved quickly. Avoid using sessions in laravel; I’ve moved towards an entirely stateless setup disconnectibg my frontend from the backend entirely, and consuming the backend api’s from my vue app using token bsed authentication. Laravel passport does work quite well for that purpose as well. |
We are using Laravel( framework version - 5.1.37) to create REST APIs which are then consumed by a NodeJS server. We are using file driver for session storage. On some of the pages, we need to make 5-6 API requests almost simultaneously, all of which are read requests not making any write on session. Most of the times, this cause the removal of session and hence user gets logged out.
I have seen the similar problems mentioned in #7549 #5416 , but haven't found any solution yet. Any suggestions ?
The text was updated successfully, but these errors were encountered: