Steps to reproduce
Summary
Some classes in EPiServer Commerce uses unsafe techniques for keeping per-request data. A high-traffic web site may experience data loss due to this issue. Mitigating circumstance is that there have been very few cases where we have been able to reproduce data-loss. The likelihood of this bug affecting your web site is therefore low, but since it is a data loss bug we consider it to be serious.
The following classes are affected:
- Mediachase.BusinessFoundation.McScriptLoader
Used to manage JavaScript loading in Commerce Manager. Will not cause any issues for end-users of your eCommerce web site as it is only used in Commerce Manager.
- Mediachase.BusinessFoundation.DisableDataCacheScope
Used to control caching of Business foundation data. Not used in EPiServer code, and if used in customer code the worst-case scenario is that caching might be disabled for a request where it should have been enabled.
- Mediachase.BusinessFoundation.Data.Meta.Management.TriggerContext
Used to manage triggers to be raised as part of the Business Foundation execution pipeline. It is used by EPiServer code in such a fashion that no problems will occur. It is only unsafe if used by custom code that might be affected by thread migration (see below).
- Mediachase.BusinessFoundation.Data.Meta.Management.MetaClassManagerEditScope
Used to manage updates of meta models in Business Foundation. Current use is only from within Commerce Manager and should not be used in customer code.
- Mediachase.BusinessFoundation.Data.Business.BusinessContext
Used to manage connections and context for Business Foundation data updates. This is used extensively when working with Business Foundation and may be called indirectly if you are doing Business Foundation data updates from custom code.
- Mediachase.Data.Provider.TransactionScope
Used to manage transactions for Metadata Plus updates. This is used extensively by EPiServer Commerce and may cause database updates to fail from both Commerce Manager as well as from your eCommerce web site. Note that this class is internal and cannot be used from customer code.
More details
The problems are caused by using [ThreadStatic] attribute to keep state visible for a web request. Due to implementation details of ASP.NET request execution, thread migration might occur causing a request to start executing on one thread and then migrate to another thread when reaching the Page_Load stage. This could cause incorrect Transaction scope to be carried forward and making the transaction to fail, rolling back the attempted changes to the database. Similar situations may occur for the BusinessContext while the other affected classes (see above) should have no data loss impact.
