[WIP] Wait for task no longer #9352
Conversation
|
@Fryguy This still stores the parameters in the session to be backwards compatible. Do you want to change 10 other controllers and remove this completely from the session? Pro: eradicates race condition and completely removes session values |
| end | ||
|
|
||
| browser_refresh_task(task_id, !!options[:flash]) | ||
| session[:async][:params] = async_params |
There was a problem hiding this comment.
I think you need the ||= {} up above to ensure this path exists.
There was a problem hiding this comment.
good eye.
My question below is if we can drop session[:async] all together.
In the meantime, I'll add it back.
| session[:async][:interval] ||= 1000 # Default interval to 1 second | ||
| session[:async][:params] ||= {} | ||
| async_interval = params[:async_interval] || 1000 # Default interval to 1 second | ||
| async_params = params[:async_params] || session[:async][:params] |
There was a problem hiding this comment.
I don't think I like the async_params coming in as a regular param - not sure why that is needed.
There was a problem hiding this comment.
that is the whole solution.
Otherwise it is a last one in. in our case, it gets blown away by notifications url hit.
| render :update do |page| | ||
| page << javascript_prologue | ||
| ajax_call = remote_function(:url => {:action => 'wait_for_task', :task_id => task_id}) | ||
| page << "setTimeout(\"#{ajax_call}\", #{session[:async][:interval]});" | ||
| ajax_call = remote_function(:url => {:action => 'wait_for_task', :task_id => task_id, :async_params => async_params, :async_interval => :async_interval}) |
There was a problem hiding this comment.
async_parameters have been removed. now it only contains async_interval
kbrock
force-pushed
the
wait_for_task
branch
from
da10933 to
f1886c5
Compare
|
ok, so we have a security problem just passing the action. The The action typically comes from params[:action] which is the url but those are protected. This new way passes action as a param (user editible) and that is not protected like it is when it comes in via the url. I can probably change these urls to have a single url with a blocker on a completed task_id (vs having a Aside: Also, these all use rjs. Would have been nice to drop that as well, but this is starting to get serious scope creep. |
|
WIP: moving parameters into the It is unfortunate that the task is created elsewhere - so we need to find and then update it |
kbrock
force-pushed
the
wait_for_task
branch
from
f1886c5 to
d79e60d
Compare
|
update:
WIP: This PR is complete. First commit is from #9358 - after merging, can up-WIP |
We were storing in session[:async][:params], but that ended up with a race condition and didn't allow multiple tabs
kbrock
force-pushed
the
wait_for_task
branch
from
d79e60d to
2241435
Compare
|
update:
|
Overview
Depends upon
Issue
The
wait_for_taskmechanism relies upon the session.Every http request changes the session. So when multiple requests come in, updates to the session can overwrite the changes done by another request.
Example:
Host's display of Cap&U was breaking because hits to notifications were overwriting the session variables. Note: VM's display of Cap&U was working fine because it did not have a hit to notifications (and therefore didn't have this race condition).
Solution
Move
wait_for_taskparameters from the session to the url.Before
initiate_wait_for_tasksetssession[:async][:params]withactionandparams{}browser_refresh_taskputs shim into web pagewait_for_taskwaiting for task to completesession[:async][:params]is used to complete actionAfter
initiate_wait_for_taskgathersasync_paramsbrowser_refresh_taskputs shim into web page withasync_paramswait_for_taskwaiting for task to complete.async_params) is used to complete action