Comments on: validates_uniqueness_of does not guarantee uniqueness

By: eno

eno — Wed, 04 Mar 2009 17:29:09 +0000

Hell, no, “A good work around is to use a SELECT FOR UPDATE wrapped in a transaction, which will lock the database.”, is a workaround, and a nonworking at that, because

* it breaks any login based on transactions (unless you run a database that supports nested transactions) and
* because it doesn’t work anyways because, erm, it just doesn’t work. Just try it manually in two MySQL consoles in parallel.

what *does* work instead is locking the database, see (if you are interested) the related posts here: http://1rad.wordpress.com/2009/02/23/0×17-atomic-science-revisited/

By: Hongli

Hongli — Tue, 25 Nov 2008 23:59:40 +0000

Fernando, I never claimed I discovered anything. I merely documented it.

By: fernando

fernando — Tue, 25 Nov 2008 23:55:13 +0000

You didn’t discover anything at all. This race condition is known for a long time. I posted something about it 6 months ago at the following link: http://www.ruby-forum.com/topic/154078

A good work around is to use a SELECT FOR UPDATE wrapped in a transaction, which will lock the database.

By: Henrik N

Henrik N — Wed, 29 Oct 2008 12:52:05 +0000

This is how I prevent double submits client-side: http://henrik.nyh.se/2008/07/jquery-double-submission

By: Eric

Eric — Wed, 24 Sep 2008 18:34:31 +0000

Typical Rubyist: If you read my comment, you would see I recommend client-side prevention _in addition to_ backend constraints. On many applications, the client-side component will prevent the vast majority of these problems, making for a much better visitor experience.

As a general rule, it’s a good idea to re-read a comment before you flat out insult it.

By: Hongli

Hongli — Tue, 23 Sep 2008 16:58:11 +0000

Typical Rubyist: it isn’t such a bad idea. Of course it shouldn’t be the *only* protection, but when implemented it can drastically reduce the chance of duplicate inserts.

By: Typical Rubyist

Typical Rubyist — Tue, 23 Sep 2008 15:40:46 +0000

Hahaha use JS to disable doubleclicks? Are you serious? If you rely on client, you will lose.

By: Hongli

Hongli — Mon, 22 Sep 2008 12:36:02 +0000

Fjan, transactions doesn’t help you here, even if you use serializable. Try it out for yourself. Unless user 2′s first SELECT statement blocks until user 1′s transaction has been completed (which PostgreSQL doesn’t do), transactions won’t prevent the duplicate insertion.

By: Fjan

Fjan — Mon, 22 Sep 2008 12:25:37 +0000

I don’t think this is true. By default ActiveRecord wraps all validations inside a transaction for precisely this reason, so as long as you do “the validates_uniqueness_of” inside the model where it belongs there should be no problem. You can try it by adding ‘BEGIN’ and ‘COMMIT” to your example, the second user should fail.

By: Manfred

Manfred — Mon, 22 Sep 2008 07:36:30 +0000

I think you mean “race conditions” instead of “racing conditions”. Nice find though.