Optimistic Locking in Controllers: Best practice?

Hi,

I've searched the group archives on this, but could not find anything except an unanswered question that results from the same problem I encountered, or at least that's what I guess (http://groups.google.com/ group/rubyonrails-talk/browse_thread/thread/d771abdd51e12c8d/ 68d54f84c00fa45a).

The basic theory with locking is: Take two objects, save one of those, and saving of the second one will fail. Sounds nice and works very well in console, which is being demonstrated in the Rails cookbook etc.

BUT: When I want to do such a thing in a controller action it won't work the way it's supposed to (at least imho), because I am not retrieving the object from the form (say "edit") and re-using it, but rather retrieving a new instance by id with a before_filter get_user or whatever. Now if a second user saves the same object after I accessed the form, but before I submit my changes, his changes will be overwritten by mine without a StaleObjectError being risen, because the lock_version seems correct.

This really is NOT what I want locking to do for me. My aim is to prevent users from submitting forms with outdated data.

So now I came up with the idea of adding a hidden input "lock_version" to my forms and applying this param to my model instance in "update". Now locking will work properly, but this does not seem very clean as the user could just manipulate those data or remove the lock_version entirely, which would skip the locking protection.

Is there something like a "best practice" for implementing such a locking behavior in controllers? I've been thinking about checking if the lock_version is given in params with a before_filter or something, as well as storing instances of the model in session, but as I mentioned, this does not seem pretty clean code to me, so now I am hoping for someone who already thought more about this topic to help me out

Thanks in advance and greetings, Christoph Olszowka

Christoph Olszowka wrote:

So now I came up with the idea of adding a hidden input "lock_version" to my forms and applying this param to my model instance in "update". Now locking will work properly, but this does not seem very clean as the user could just manipulate those data or remove the lock_version entirely, which would skip the locking protection.

If your users wants to corrupt your data, optimistic locking is not going to solve the problem for you. Optimistic locking is not a security mechanism. Even if you did ensure that a user could not save stale data the user could just refetch the object from the database and update it again with whatever changes desired.

If you really, really want to ensure that no user ever submits stale data you could use a hash for comparison and record a new hash value in the record on each update. In that case you can ensure that no-one will ever be able to submit a stale record.

Hi Jacob,

I know that this kind of locking won't give me perfect safety, but I am rather aiming for some user convenience anyway. The main purpose should be to tell the user "Whoops, someone was quicker than you!" and throw him back to the page, rather than ensuring really perfect data consistency.

Greetings Christoph

That's why we have serer-side sessions. Save the lock_version value there. Do not save the entire model object though, storing model instances in the session is not just ugly, it's an almost certain way to introduce interesting, unreproducible bugs.

Given the amount of protection desired (convenience only, not security), this seems like a perfectly reasonable approach to me, and it's much better than storing it in the session because it makes the post stateless.

/Nick