Tuesday, February 28th, 2006
He quotes Marc Wandschneider as saying, basically, that since PHP scripts are executed in their own little environment, there’s not so much worry about the access of more than one page at once on that instance. Ajax breaks this model, however, making it possible to pull several pages from different instances all into one place. This could cause a “race condition” with your session information on the server if not handled correctly.
Now before I go any furtherâ€”this is not a PHP problem despite the title (I hope the web ring is paying attention)- this is is a feature of HTTPâ€”itâ€™s stateless. The problem is really the blurring of lines AJAX introducesâ€”this goes right to the line between the two kinds of AJAX – is the client or the server managing state?
Iâ€™d broaden that a littleâ€”in short, using a stateless protocol like HTTP, any attempt to lock server side resources across requests will always be an ugly and potentially dangerous hack. For example, what if the client suffers a power cut, shortly after locking something?
In more references to quotes from Mr. Wandschneider, he also notes that the best way to deal with scripts/applications that might cause these sorts of problems is just to avoid them all together. More often than not, they’re just not worth the headaches they will cause. He also suggests that a move to a J2EE platform might not be the best answer if the bridging of session data across multiple sessions is needed, as suggested by Marc.
Posted by Chris Cornutt at 7:55 am