Response middleware can leak db connection
|Reported by:||Maniac <Maniac@…>||Owned by:||adrian|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Both modpython.py and wsgi.py do this:
try: request = ModPythonRequest(req) response = self.get_response(req.uri, request) finally: db.db.close() # Apply response middleware for middleware_method in self._response_middleware: response = middleware_method(request, response)
... meaning that if any response middleware uses db connection it will not be closed. The most common middleware doing it is Session.
The right thing to do would be stick the middleware part up under try block.
However even more right thing (I think) would be to refactor both request and response middleware application along with finally: part into BaseHandler._get_response to avoid maintaining identical code in modpython.py and wsgi.py.
Change History (6)
comment:2 Changed 10 years ago by junzhang.jn@…
- Resolution set to fixed
- Status changed from new to closed
comment:5 Changed 10 years ago by bryan@…
- Resolution fixed deleted
- Status changed from closed to reopened