MultipleObjectsReturned: get() returned more than one LibertySessionDump -- it returned 2!
I am not sure how things happened, multiple concurrent SSO made twice the same object in saml_libertysessiondump. (the concurrent SSO were the result of calls to menu.json of various applications, when building the sidepage menu)
File "/home/fred/src/eo/authentic/src/authentic2/idp/saml/saml2_endpoints.py", line 526, in sso return sso_after_process_request(request, login, nid_format=nid_format) File "/home/fred/src/eo/authentic/src/authentic2/idp/saml/saml2_endpoints.py", line 894, in sso_after_process_request load_session(request, login) File "/home/fred/src/eo/authentic/src/authentic2/saml/common.py", line 286, in load_session kind=kind) ... MultipleObjectsReturned: get() returned more than one LibertySessionDump -- it returned 2!
I wondered if maybe it was because it reused an old session key but the id say otherwise.
authentic_multitenant=> select id from saml_libertysessiondump where django_session_key = 'jqpvw7iayben5i5a50epqk2jvjmhsmp4'; id ---- 30 31
#1 Updated by Benjamin Dauvergne over 4 years ago
Bug is really difficult,
get_or_create() which used to save LibertySessionDump is not safe without a postgresql configured with the serializable isolation level, default level being read commited, as read commited cannot prevent the phantom read problem (the two transactions check if a given row, the two returns none, but in fact after the first transaction commit the second transaction pre-state has changed, there is now a row matching the query but it won't see it, see1).
Adding an unicity constraint on (django_session_key, kind) could maybe alleviate the biggest problem, that is the load_session() failing. But when two concurrent save will happen one them may fail but I think django has a retry loop inside get_or_create() to prevent the problem in most cases.
#3 Updated by Benjamin Dauvergne over 4 years ago
- % Done changed from 0 to 100
- Status changed from Nouveau to Résolu (à déployer)
Appliqué par commit authentic2|8a4830c6ca8c6a3cd0583da0a4fdbb9938e59625.