Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Safety of Thread.current[] usage in rails

Tags:

ruby-on-rails

thread-safety

I keep getting conflicting opinions on the practice of storing information in the Thread.current hash (e.g., the current_user, the current subdomain, etc.). The technique has been proposed as a way to simplify later processing within the model layer (query scoping, auditing, etc.).

  • Why are my thread variables intermittent in Rails?
  • Alternative to using Thread.current in API wrapper for Rails
  • Are Thread.current[] values and class level attributes safe to use in rails?

Many consider the practice unacceptable because it breaks the MVC pattern. Others express concerns about reliability/safety of the approach, and my 2-part question focuses on the latter aspect.

  1. Is the Thread.current hash guaranteed to be available and private to one and only one response, throughout its entire cycle?

  2. I understand that a thread, at the end of a response, may well be handed over to other incoming requests, thereby leaking any information stored in Thread.current. Would clearing such information before the end of the response (e.g. by executing Thread.current[:user] = nil from a controller's after_filter) suffice in preventing such security breach?

Thanks! Giuseppe

like image 739
Giuseppe Avatar asked Oct 25 '11 21:10

Giuseppe

People also ask

What is thread safe rails?

Thread safety in Rails avoids the aforementioned race conditions. It means that, in a multithreaded web-server environment, our code should be thread safe. If multiple threads are accessing our web application then our shared data should not be corrupted when all threads finish processing.

What is Ruby thread safe?

Thread-safe globalsRuby offers built-it support for so-called thread-local variables. Each thread can work as a kind of a hash for storing values accessible globally in the app but only from this single thread.

Does Rails use threads?

Rails as a framework is thread-safe. So, the answer is yes!

What is thread current?

The current thread is the currently executing thread object in Java. The method currentThread() of the Thread class can be used to obtain the current thread. This method requires no parameters.

1 Answers

There is not an specific reason to stay away from thread-local variables, the main issues are:

  • it's harder to test them, as you will have to remember to set the thread-local variables when you're testing out code that uses it
  • classes that use thread locals will need knowledge that these objects are not available to them but inside a thread-local variable and this kind of indirection usually breaks the law of demeter
  • not cleaning up thread-locals might be an issue if your framework reuses threads (the thread-local variable would be already initiated and code that relies on ||= calls to initialize variables might fail

So, while it's not completely out of question to use, the best approach is not to use them, but from time to time you hit a wall where a thread local is going to be the simplest possible solution without changing quite a lot of code and you will have to compromise, have a less than perfect object oriented model with the thread local or changing quite a lot of code to do the same.

So, it's mostly a matter of thinking which is going to be the best solution for your case and if you're really going down the thread-local path, I'd surely advise you to do it with blocks that remember to clean up after they are done, like the following:

around_filter :do_with_current_user  def do_with_current_user     Thread.current[:current_user] = self.current_user     begin         yield     ensure         Thread.current[:current_user] = nil     end       end

This ensures the thread local variable is cleaned up before being used if this thread is recycled.

like image 196
Maurício Linhares Avatar answered Sep 22 '22 12:09

Maurício Linhares
Sign in to Comment

Related questions

Limitations in running Ruby/Rails on windows
How to instantiate class from name string in Rails?
Ruby: How to make a public static method?
What exactly is Rake?
SimpleForm without for (non model form)
Rails: Update model attribute without invoking callbacks
How to have a drop down <select> field in a rails form?
With Capybara, how do I switch to the new window for links with "_blank" targets?
How can I determine if my rails is in the development environment and not the test environment?
Rolling back a failed Rails migration
How do I use "gets" on a rake task?
What to use instead of `render :text` (and `render nothing: true`) in rails 5.1 and later?
rails rspec before all vs before each
Array.join("\n") not the way to join with a newline?
How to manage Rails database.yml
Protected and private methods in Rails
How to get a single column's values into an array
Check if not nil and not empty in Rails shortcut?
Rails 3: How to get today's date in specific timezone?
How to add minutes to a Time object

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!