-
Bug
-
Resolution: Fixed
-
Minor
-
3.9.3, 3.10, 3.11
in /lib/classes/session/redis.php
a session lock is acquired from redis with the following code:
$haslock = $this->connection->setnx($lockkey, $whoami); |
if ($haslock) { |
$this->locks[$id] = $this->time() + $this->lockexpire; |
$this->connection->expire($lockkey, $this->lockexpire); |
return true; |
}
|
Since the lock is acquired and expired in two separate calls it's possible for it to lock out a user indefinitely if moodle is taken down.
It should use the atomic call to set the expiry at the same time.
$haslock = $this->connection->set($lockkey, $whoami, ['nx', 'ex'=>$this->lockexpire]); |
if ($haslock) { |
$this->locks[$id] = $this->time() + $this->lockexpire; |
return true; |
}
|
We've seen this happen once in production. I'm more than happy to make a pr for this issue.
- blocks
-
MDL-66151 Performance: Allow session stores to fully manage the session
- Closed
- caused a regression
-
MDL-83003 INFO command not compatible with envoy proxy (Redis)
- Waiting for peer review
- has been marked as being related by
-
MDL-82889 Add environment check for Redis server and Redis PHP extension
- Open
-
MDL-74905 Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
- Closed
-
MDL-76724 Decide Moodle 4.3 requirements and push them to environment.xml (due date: 2023-05-08)
- Closed
-
MDL-78496 Decide Moodle 4.4 requirements and push them to environment.xml (due date for voting: 2023-11-13)
- Closed
-
MDL-70594 Decide Moodle 4.0 requirements and push them to environment.xml (due date: 2021-06-09)
- Closed
-
MDL-69308 Decide Moodle 3.11 requirements and push them to environment.xml (due date: 2020-12-21)
- Closed
-
MDL-71747 Decide Moodle 4.1 requirements and push them to environment.xml (due date: 2022-06-01)
- Closed
-
MDL-79809 Decide Moodle 4.5 requirements and push them to environment.xml (due date: 2024-05-27)
- Closed