Should I always need to use cflock with SESSION scope variables?

问题

I have a simple Form , which on submission sets a variable in SESSION like

<cfset SESSION.shownote = 1>

After firing an confirmation Email to the user , I am just deleting this variable from the Session.

<cfset structdelete(SESSION,"shownote")>

Do I really need to user cflock in this case ? I can not think of a Race condition here.

As SESSION varies from one user to another , Can anyone please suggest me exactly on which situation we should use cflock with session variables?

I have also heard that, CF9 and CF10 automatically handles session locking , is it true?

回答1:

A bit of googling probably could have had you answer your own question here, I think.

But, anyway, I wrote this up on my blog a while back: "Question: when to lock scopes".

The bottom line is that there's no intrinsic need to lock the session scope (since CFMX 6.0), however - as with any code - one should ensure not to create race conditions in one's code, and sensible use of locking mitigates this.

回答2:

If your application needs to check for the existence of SESSION.shownote or the value of SESSION.shownote, then you have a race condition and should use cflock.

Although your example did not include any such checks, presumably developers do no set variables for no reason. Let's say that your form processing script checks for the existence of SESSION.shownote and conditionally sends a confirmation e-mail if that condition is true.

I'll demonstrate the race condition. Let's say a user has 2 browser windows open to your example form. Both share the same session, and the forms are submitted at the same time. We'll call these submissions ONE and TWO.

Processing could happen like this, which causes no problems: