Tuesday, November 25, 2014

Re: Preventing race conditions when submitting forms

On Tuesday, November 25, 2014 7:57:08 AM UTC-8, Paul Johnston wrote:
Hi,

Consider an e-commerce site, where Alice and Bob are both editing the product listings. Alice is improving descriptions, while Bob is updating prices. They start editing the Acme Wonder Widget at the same time. Bob finishes first and saves the product with the new price. Alice takes a bit longer to update the description, and when she finishes, she saves the product with her new description. Unfortunately, she also overwrites the price with the old price, which was not intended.

It's worth noting that the controller methods are thread-safe in themselves. They use database transactions, which make them safe in the sense that if Alice and Bob try to save at the precise same moment, it won't cause corruption. The race condition arises from Alice or Bob having stale data in their browser.

Does Django have any way to prevent these race conditions? Just rejecting the second edit with an "edit conflict" message would be a start - although some intelligent merging would be even better.

Thanks,

Paul

Another option to consider for the problem you describe is to separate the product description and pricing into separate tables linked by foreign key, then restrict editing of each based on the user's group permission. I'm currently working on a sort of B2B e-commerce project where pricing can be different for each customer based on contract agreements (10 or so prices per product right now). We don't yet have a need for separate staff to edit products and prices, but the capability is there if it's ever needed.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/68d0d761-6b67-4fe0-b8b7-71c12a31b0b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)