[rt-users] SelfService interface probs

Robie Basak robie at principle.co.uk
Wed Aug 14 04:48:04 EDT 2002


On Tue, 2002-08-13 at 22:32, Beachey, Kendric wrote:
> From: Robie Basak [mailto:robie at principle.co.uk]
> > On Tue, 2002-08-13 at 00:18, Josh Richards wrote:
> > > From the SelfService interface if an unprivileged user creates a new
> > > ticket it is submitted properly but upon clicking the 
> > "Create Ticket"
> > > button they get an RT Error: "No permission to display that ticket."
> > > Afterwards the user can see the ticket in their list of 
> > open tickets and
> > > even view the details.  It's like there is a race condition 
> > just after
> > > the ticket is submitted that creates a period right 
> > afterwards where the
> > > user can view the ticket they just submitted.
> > > 
> > > Anyone else experience this?
> > 
> > I've seen exactly the same behavour, but haven't looked in to it.
> 
> I think I saw something similar here.
> 
> One guy created a ticket and CCed someone who didn't have an account on RT
> yet.  When activity ensued on the ticket, the CC guy tried to reply to the
> e-mail he found in his box.  RT, receiving a message from an unknown party,
> created an account for him.
> 
> But then this apparent race condition reared its head, and he got a message
> back (from ME, as far as he could tell) saying "Permission Denied".  After I
> had him try creating a ticket and messing around with it, we found his
> account was working just fine.  It was just for that crucial instant that it
> wasn't set up all the way yet, apparently.

Thinking about it, I can make a guess as to what's happening.

One instance of Apache handled the first request (to create the ticket
or whatever). That corresponding instance of RT created the ticket
inside a database transaction, and committed it.

Then, another instance (hence definitely a different db handle) did a
query. There's no guarantee that the transaction will yet be seen by
anyone else, because transactions either get seen or don't. So
presumably the database was still busy with it, and would've only shown
it's existence to the previous instance.

So, if I'm right, using the same db handle consistently would fix it.
I'm not sure if that corresponds to running a single apache process or
not, but whichever way it would hit performance.

Or the second instance should wait until the first's transaction
appears, but there's no guarantee that it will because you could've
requested to view an invalid ticket.

I suppose that's just an example of why web-based interfaces aren't
ideal for these things, though unfortunately it's the best we have at
the moment.

[...]

Robie.




More information about the rt-users mailing list