Wednesday, June 16, 2010

iPhone 4 Ordering and Session Switching

Via Praetorian Prefect -

Users are reporting issues trying to pre-order the ability to purchase the latest iPhone 4 on June 24th when they go on sale from what is basically just a complete overwhelming of the systems designed to take the orders. AT&T’s web interface at brick and mortar shops is failing to the point where orders are being taken with pen and paper, and the Apple web site is acting clunky. But the most serious issue people are reporting is that upon logging into AT&T online to place the order, other users’ information is coming up including billing information, call history, and so forth.

[...]

So if we look at this, without any other information, how do we decide that one user logging in and seeing another user’s information is probably not the result of a weekend systems’ upgrade? Because we’ve seen this behavior before, a lot. When you stress test a web site, it’s not uncommon to see functions that return and read user sessions get garbled, and web sites start to return pages for the wrong user session.

When you log into a web site a session gets created and some sort of persistence mechanism is returned to maintain the session (usually a session cookie, but there are other less used methods available). Every “logged in page” reads this session identifier to determine whether the user is logged in and uses it to return the right information. Further complexity is usually introduced into large web sites, where some sort of load balancing is taking place, and therefore a user’s session has to be found amongst data centers, servers, and so forth.

When you overload the capacity of programs that read, manage, and create sessions, bad stuff happens like sessions getting crossed. Since the AT&T site was probably under a severe and unusually high server load today, the site went haywire (in our technical opinion).

How do you prevent this from happening? Add occasional and event-driven stress testing to your quality assurance processes; you will find that a number of unusual and difficult-to-solve problems result. At the very least you will know how your web application acts under unusually high loads, and thus not be surprised when the Apple fanboys come calling for Steve’s latest masterpiece.
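A concurrency check of the kind the stress-testing advice above calls for, as an added example that is not part of the quoted article: every simulated user requests its account page at the same moment and the harness counts responses that belong to a different session. The shared-field defect in `SharedStateApp` is an assumed, illustrative cause (the article does not say what failed at AT&T), and all class, function and session names are hypothetical.

```python
import threading

# Constructed sample data: session id -> the account that owns it.
SESSIONS = {f"sid-{i}": f"user-{i}" for i in range(16)}

class SharedStateApp:
    """Assumed defect: the resolved user is kept in one field shared by all requests."""
    def __init__(self, gate):
        self.gate = gate
        self.current_user = None

    def account_page(self, sid):
        self.current_user = SESSIONS[sid]   # session lookup stored in shared state
        self.gate.wait(timeout=5)           # other requests run before this one renders
        return {"owner": self.current_user}

class RequestScopedApp:
    """Corrected form: the resolved user stays local to the request."""
    def __init__(self, gate):
        self.gate = gate

    def account_page(self, sid):
        user = SESSIONS[sid]
        self.gate.wait(timeout=5)
        return {"owner": user}

def count_cross_session_responses(app_cls):
    """Fire one request per session concurrently; count pages served to the wrong user."""
    # The barrier forces the overlap that heavy load makes likely in production.
    app = app_cls(threading.Barrier(len(SESSIONS)))
    leaked = []

    def probe(sid):
        if app.account_page(sid)["owner"] != SESSIONS[sid]:
            leaked.append(sid)

    threads = [threading.Thread(target=probe, args=(sid,)) for sid in SESSIONS]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(leaked)

if __name__ == "__main__":
    print("shared state  :", count_cross_session_responses(SharedStateApp))
    print("request scoped:", count_cross_session_responses(RequestScopedApp))
```

Against a real site the same assertion applies: each synthetic account's response must carry that account's own identifier, checked while the load test is running rather than afterwards.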
