Double user profiles created [#2087401]

Running a high traffic site with many users, all of a sudden double user profiles started appearing.
The url fb/ajax/session_change was triggered twice.
However checks are in place to prevent double user creation, it still happens, because the requets are processed by two separate servers, in the exact same time.
The cause of the problem: fb_connect and db.js both doing this:

 jQuery(document).bind('fb_session_change', FB_Connect.sessionChangeHandler);

If you want to see the bindings, use this in your js console:

jQuery._data( document, "events" );

Result was two bound events on 'fb_session_change';

I know it is not the best fix, but ut worked for me: i altered fb_connect.js with the following check to prevent this problem:

 jQuery(document).unbind('fb_session_change');
 jQuery(document).bind('fb_session_change', FB_Connect.sessionChangeHandler);

Feedback is more than welcome.

Comments

Comment #1

Dave Cohen CreditAttribution: Dave Cohen commented 14 September 2013 at 00:12

I wouldn't want to add that unbind, as it might interfere with a module that need to properly respond to a session change event.

What module provides db.js?

Comment #2

wouters_f CreditAttribution: wouters_f commented 25 September 2013 at 07:18

sorry that was a type: I meant fb.js

Comment #3

Dave Cohen CreditAttribution: Dave Cohen commented 8 October 2013 at 04:43

Status:

Needs review

» Needs work

fb.js does this

  var events = jQuery(document).data('events');          
  if (!events || !events.fb_session_change) {                                                                                       
    jQuery(document).bind('fb_session_change', FB_JS.sessionChangeHandler);                                                         
  }

and if I recall correctly that if clause is intended to let fb_connect.js (or anyone else) to bind the event instead of fb.js.

Your fix seems fine for your site, as long as no other modules listen for that event, which is the case unless you've written your own. It's not a great fix for every site. Are you compressing the JS or anything else that could change the order it is evaluated? Maybe something changed since that code was first tested.

Comment #4

Würden CreditAttribution: Würden commented 12 November 2013 at 15:04

I can confirm the issue on one of my high traffic production sites. drupal_sensei's solution seems ok as a temporary solution at least there have been no duplicate users today where I had around one duplicate user every hour yesterday (out of 10 to 20 new user sign-ups each hour).

Comment #5

Dave Cohen CreditAttribution: Dave Cohen commented 13 November 2013 at 00:31

CFE do you also have multiple load balanced servers?

Is it possible to ensure all the requests go to only one of the servers? I.e. make your load balancer aware of facebook's cookies?

Comment #6

Würden CreditAttribution: Würden commented 18 November 2013 at 09:51

No, we only have one big server which is load balanced and cached with Varnish. I will try to look into whether the load balancer can somehow be made aware of the facebook cookies.