[sqli-ze] sessions: atomic session creation #979
Description
-
Today, a session is created as follows:
1) Lock Lit'ssessRegMumutex to ensure only one thread is trying to create a session at a time
2) call the session store'sdb.GetUnusedIDAndKeyPairmethod to find an unused alias & private key pair.
3) call theNewSessionfunction to construct a newSessionsobject (note: this does not touch the DB yet) .
4) Finally, call the store'sdb.CreateSessionmethod to actually go persist the new store.
5) unlocksessRegMu.
6) (For linked sessions: we also use theCheckSessionGroupPredicateto ensure any linked sessions are inactive.) -
How the above flow came about: For Autopilot sessions, we wanted to make sure we could successfully register a session with
Autopilotbefore actually going and persisting it to our DB. But at the time of registration, we already want to know the ID/Local pub key pair we will use for the session. This is why we would do all this in-memory only work before actually persisting the session. This is also why we needed to lock the mutex to ensure only one thread callsdb.GetUnusedIDAndKeyPairat a time. -
For a clean interface though, all the above should really happen atomically under a single database read transaction & we should not need to expose things like
db.GetUnusedIDAndKeyPairanddb.CheckSessionGroupPredicate. -
What we will instead do is:
- Add a newsession.State:SessionReserved, which will be the new first state of a session.
- Then, we will changeNewSessionto instead be a method on theStoreinterface. This will
- take care of finding a unique ID/Local key pair (so we can remove that from the interface).
- insert the new session but under theReservedstate.
- if a group is linked, here is where we will check that all other sessions are revoked. SoCheckSessionGroupPredicatecan also be removed from the interface.
-CreateSessionwill then only move a session fromReservedtoCreated.
- On DB startup, we make sure to delete all sessions in theReservedstate.