Log in

Double posts?

  • 29 Apr '16

I know this looks like it's technically not possible because of the rate-limiting, but somehow some users on my forum managed to create double posts. It's really hard to debug, and I haven't been able to reproduce it. The timestamps are within 1s of each other and it happened multiple times. I think they were on mobile (if that matters) and fiddling with quote/reply.

Any ideas on how to debug this further?

nitelyEsteban Castro Borsani
  • 5
  • 29 Apr '16

Are you using nginx? I think there is a bug (that's has been there for years) where it will retry POSTs. See this

Other than that, it may be the users are actually hitting the publish button twice.

Edit. On a second thought, as you've said, it should not be possible coz of the rate-limiter, the default is 1 post every 10 seconds, so there should not be two post with 1 second of difference. Weird. Have you change the default limit? What cache-backend are you using?

  • 30 Apr '16

Yes I use nginx. I did not change the rate-limit, so yeah, it doesn't make sense.

I use django's dbcache, but why would this matter? Nothing is cached on that view?

  • 30 Apr '16

The nginx bug sounds bad. Does it mean that if the django response takes too long nginx will just repeat the POST request? Even if this was the case (which I doubt) the rate limiter should catch this.

nitelyEsteban Castro Borsani
  • 30 Apr '16

I use django's dbcache, but why would this matter? Nothing is cached on that view?

The rate-limit uses the cache. If you tell me you are using the in-memory cache, and you spawn two django workers, then you have two process with their own cache (not shared). So, the rate-limit would not work properly. That's why I asked, but if it's the database-backend then it sould be ok.

The nginx bug sounds bad. Does it mean that if the django response takes too long nginx will just repeat the POST request?

Yep.

Does this happens when commenting or when creating a topc? Are you absolutely sure the timestamps are within 1 sec of each other? Double check please.

  • 2
  • 30 Apr '16

Quadruple actually:

2016-04-09 02:49:23.688024+00:00
2016-04-09 02:49:23.696548+00:00
2016-04-09 02:49:23.704430+00:00
2016-04-09 02:49:36.686916+00:00

This was a comment.
I assume the last one at 02:49:36 was a manual retry which went through since it was more than 10s later. How the other three happened is the real mystery though...

nitelyEsteban Castro Borsani
  • 30 Apr '16

I was just reading the rate-limiter code. There is a race condition, the cache key is being retrieve-updated and that's not an atomic operation. With those timestamps I'd say that's the reason.

I've fixed it (I'll push the code in a minute), replacing the retrieve-update by a incr() call. But the only backend supporting atomic incr is memcache

Anyway, double posts should really be handled by other means.

nitelyEsteban Castro Borsani
  • 1 May '16

I've fixed it (I'll push the code in a minute)

Done. It won't change anything in your case, since you are using the db cache.

Anyway, double posts should really be handled by other means.

I'll try and get something done tomorrow.

  • 1 May '16

Ok cool. Thanks for the fast response. Let me know how it goes.

nitelyEsteban Castro Borsani
  • 2 May '16

I started working on this here, but I'm not sure how to give a good UX to these users (with bad connections?).

If the rate-limiter fails, then it's all good, they get redirected to the last comment (probably theirs). If it doesn't, then they get the "too many requests" message , then when they retry they will get redirected to the last comment or get the message again.

I could add an extra anti-double-post check before the rate-limit call, but there will be race conditions, they may get the rate-limit message (at most) once.

  • 11 May '16

It seems it's mostly a UX problem. I found a couple more occurrences where the posts were more then 10s apart. It seems that users with very bad connections get confused and post twice.

nitelyEsteban Castro Borsani
  • 11 May '16

Yeah, the proposed solution does prevent double posts, though. They may still see the rate-limit message, and fixing that would require some kind of user-trust system to replace it.

I'll merge the branch in the next couple of days.

nitelyEsteban Castro Borsani
  • 1
  • 15 May '16

Just opened the pull request if you have time to review it, it would be awesome

Reply