About concurrent control & reliability of oscommerce

[chunzhi]

Hi,

As I saw in source code, oscommerce2 doesn't use transaction for actions such as checkout. So I am a bit worry about concurrency issues & reliability of oscommerce.

 

Question 1: Is it possible that 2 customers buying a same item will both successfully checkout when there is only 1 item in stock? How do you handle such concurrency issue?

 

Question 2: Is it possible that consistency will be violated if system failure happens? For example, when a customer is checking out, the system will (1) insert the order into database; (2) decrease the number of items in stock. What if the whole server crashed after (1) but before (2)? After restarting, is it possible that the order is in database but the number of items in stock has not been changed? How do you handle such issue? If it might happen, how can administrator discover such consistent issue and recover from it?

 

p.s.: I know oscommerce 3 is using transactions, but I am much more interested in oscommerce 2 and want to know its reliability and design logic.

 

Sincerely,

Chunzhi

[Guest]

@@chunzhi

 

1) No, as long as you have stock control active. Whoever checks out first, gets the item.

 

2) Inventory reduction and completed checkout flags are processed AFTER checkout completion (checkout_success)

 

 

I have designed and built hundreds of osCommerce websites and have never had concurrency issues with properly coded carts.

 

 

 

Chris

[chunzhi]

@@DunWeb

 

Thank you for the information. But it's still amazing for me that how one can maintain atomicy without transaction? Even the inventory reduction are processed after checkout, it is still possible that system crash inside the reduction procedure. For example, if a user bought 10 items, what if the system crash after reducing the stock level of 5 items?

[Guest]

@@chunzhi

 

 

The chances of the system crashing and causing the scenario you are suggesting is very unlikely.

 

 

 

 

Chris

[chunzhi]

@@DunWeb

Thank you very much, I agree with you on the consistency issue after system crash, but I still worry about the concurrency bugs in oscommerce.

Let's look at the source code, version=v2.3.3

 

(1) The stock level check is in includes/checkout_process.php, line 57 to 67, fulfilled by tep_check_stock().

(2) After passing the check, there are operations and queries to create this order.

(3) Decrease of stock level is executed after check-out, but also in checkout_process.php (not checkout_success.php as you mentioned), between line 145 to line 179.

All of these database queries are executed as row-level separate queries rather than ACID transactions.

 

So, if two users simultaneously order a same product, whose quantity is 1. Nothing would stop them to execute stock level check together (and both will pass the check), insert the order together, and finally decrease stock level twice. In this case, both customers will successfully get the order, but stock level will become -1, and you cannot fulfill both orders. I think this will be a VERY BAD experience for customers, right?

 

Sincerely,

Chunzhi

[♥toyicebear]

It is possible that if 2 customers checkout at about the same time they might both be able to complete the purchase even if there is just 1 item in stock. (Possible, but not very likely)

 

You could modify the checkout and place stock checks at every step to reduce the risk of this happening even further.

 

If you are "very" wary of this happening you could go even further and do the stock subtraction at the beginning of the checkout instead of at the end. (Then you would also need to have a stock re-adjustment solution for unsuccessful checkouts)