garettB/shopify-flask-example

Is there a race condition on the NONCE mechanism?


If there are 2 hits to the /app_launched endpoint, doesn't the second one overwrite the first hex? So on the next two /app_installed calls, only one will succeed?

Hi, yes the use of globals will cause issues with multiple shops accessing this sample at the same time. If trying to migrate to a production app I'd suggest a more appropriate means of storing the nonces and authentication keys.

I'm afraid this sample has been fairly neglected, but if I get the chance to work on it again then perhaps I'll put in a dict as a stop-gap solution to avoid this issue and also add a note to the README.

Thanks for reporting!
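The overwrite discussed in this thread, next to a dict-based store of the kind the reply suggests, as an added example that is not code from this repository. `GlobalNonce`, `PerShopNonceStore`, `simulate` and the shop names are hypothetical, and the example assumes the `/app_installed` callback carries both the shop and the `state` value.

```python
import hmac
import secrets
import threading
import time

class GlobalNonce:
    """Models the single shared nonce described in the issue (not the repo's code)."""
    def __init__(self):
        self.nonce = None
    def issue(self, shop):
        self.nonce = secrets.token_hex(16)  # overwrites any nonce still pending
        return self.nonce
    def consume(self, shop, state):
        return self.nonce is not None and hmac.compare_digest(self.nonce.encode(), state.encode())

class PerShopNonceStore:
    """Hypothetical replacement: one pending nonce per shop, expiring and single-use."""
    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._pending = {}  # shop -> (nonce, expires_at)

    def issue(self, shop):  # called from /app_launched
        nonce = secrets.token_hex(16)
        with self._lock:
            self._pending[shop] = (nonce, self._clock() + self._ttl)
        return nonce

    def consume(self, shop, state):  # called from /app_installed
        with self._lock:
            entry = self._pending.get(shop)
            if entry is None:
                return False
            nonce, expires_at = entry
            if self._clock() > expires_at:
                del self._pending[shop]
                return False
            if not hmac.compare_digest(nonce.encode(), state.encode()):
                return False  # wrong state leaves the real nonce usable
            del self._pending[shop]  # a nonce is accepted once only
            return True

def simulate(store):
    """Two shops hit /app_launched before either reaches /app_installed."""
    a = store.issue("shop-a.example")  # constructed shop names
    b = store.issue("shop-b.example")
    return store.consume("shop-a.example", a), store.consume("shop-b.example", b)
```

The dict lives in one process, so an app served by several workers needs the same logic backed by a shared store such as a database or cache. Two overlapping launches for the same shop still replace each other's nonce under this keying.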