Vengala Vinay

Having 12+ Years of Experience in Software Development

Home » Resolving checkout session locking bottlenecks during flash sales Under Peak Event Traffic on OVH

Resolving checkout session locking bottlenecks during flash sales Under Peak Event Traffic on OVH

Identifying Checkout Session Locking Bottlenecks

During high-traffic events like flash sales, the most common cause of checkout failures is database contention, specifically around locking mechanisms that protect critical checkout session data. On an OVH infrastructure, this often manifests as timeouts or deadlocks when multiple concurrent requests attempt to modify the same session record. The primary culprit is typically the `SELECT … FOR UPDATE` or equivalent locking statements within your application’s checkout logic. These statements acquire an exclusive lock on the selected rows, preventing other transactions from reading or writing to them until the current transaction commits or rolls back.

The first step in diagnosing this is to enable and analyze your database’s slow query log and, more importantly, its transaction log or equivalent diagnostic tools. For MySQL, this involves configuring `slow_query_log`, `long_query_time`, and `log_lock_waits`. On PostgreSQL, `log_lock_waits` and `log_min_duration_statement` are crucial.

MySQL: Diagnosing Lock Waits

To effectively diagnose lock waits in MySQL, ensure the following parameters are set in your `my.cnf` or `my.ini` configuration file. Restart the MySQL server after making these changes.

Configuration for `my.cnf` (or equivalent):

[mysqld]
slow_query_log = 1
slow_query_log_file = /var/log/mysql/mysql-slow.log
long_query_time = 1  # Adjust based on acceptable latency
log_lock_waits = 1
log_queries_not_using_indexes = 1

Once enabled, monitor the slow query log for queries that are taking longer than `long_query_time` and specifically look for entries indicating lock waits. You can also use `SHOW ENGINE INNODB STATUS;` to get a real-time snapshot of InnoDB’s internal state, including lock information.

Analyzing `SHOW ENGINE INNODB STATUS;` Output:

--- TRANSACTIONS ---
Trx id counter 12345, next-active-transaction 12345
...
--- LOCKS ---
...
------------------------
LATEST DETECTED DEADLOCK
------------------------
...
TRANSACTION 12345, ACTIVE 0 sec starting index read
...
TRANSACTION 67890, ACTIVE 0 sec fetching rows
...
MySQL thread id 123, ws 0, for query ...: SELECT * FROM checkout_sessions WHERE session_id = 'abc-123' FOR UPDATE
...
MySQL thread id 456, ws 0, for query ...: SELECT * FROM checkout_sessions WHERE session_id = 'abc-123' FOR UPDATE
...

The `LATEST DETECTED DEADLOCK` section is critical. It shows the transactions involved, the queries they were executing, and the locks they were waiting for. In this example, two transactions are attempting to `SELECT … FOR UPDATE` on the same `session_id`, leading to a deadlock or prolonged wait.

PostgreSQL: Diagnosing Lock Waits

For PostgreSQL, similar diagnostic measures are necessary. Modify your `postgresql.conf` file.

Configuration for `postgresql.conf`:

log_min_duration_statement = '1s' # Log statements taking longer than 1 second
log_lock_waits = on
log_statement = 'all' # Or 'ddl', 'mod' for more targeted logging
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'

After restarting PostgreSQL, examine the log files for statements exceeding `log_min_duration_statement` and for messages indicating lock waits. You can also query the `pg_locks` and `pg_stat_activity` views for real-time lock information.

Querying `pg_locks` and `pg_stat_activity`:

SELECT
    activity.pid,
    activity.usename,
    activity.query,
    locks.virtualxid,
    locks.transactionid,
    locks.mode,
    locks.granted,
    locks.relation::regclass
FROM
    pg_stat_activity AS activity
LEFT JOIN
    pg_locks AS locks ON activity.pid = locks.pid
WHERE
    locks.granted IS FALSE AND activity.state = 'active'
ORDER BY
    activity.query_start;

This query will show active processes that are waiting for a lock (`granted IS FALSE`) and the type of lock they are requesting (`mode`). Correlating this with `activity.query` will reveal the problematic SQL statements.

Application-Level Strategies for Mitigating Lock Contention

Directly reducing the duration and frequency of `SELECT … FOR UPDATE` statements is paramount. This often requires architectural changes rather than just database tuning.

Optimizing Checkout Session Access Patterns

The core issue is multiple processes trying to lock the *same* checkout session record. If your application logic allows for concurrent modifications to a single session, you’re inherently creating a bottleneck. Consider these strategies:

  • Decouple Session State: Instead of locking the entire session record, identify the specific pieces of data that need to be updated atomically. Can you use optimistic locking (e.g., version numbers) for less critical updates?
  • Queueing Updates: For operations that don’t require immediate atomic updates (e.g., logging, analytics), push them to a background job queue (e.g., Redis Queue, RabbitMQ, AWS SQS). The main checkout transaction should only perform essential, blocking operations.
  • Read-Optimized Caching: Cache read-only session data in memory (e.g., Redis, Memcached) to reduce database read load. Ensure cache invalidation is robust.
  • Partitioning/Sharding: If session contention is consistently high for specific user segments or session types, consider partitioning your session table or sharding your database based on `user_id` or `session_id`. This distributes the load across multiple database instances or partitions.

Refactoring `SELECT … FOR UPDATE`

The goal is to minimize the scope and duration of locks. If possible, avoid `SELECT … FOR UPDATE` entirely for operations that don’t strictly require it.

Example: PHP Refactoring (Conceptual)

/**
 * Original (Potentially Blocking) Logic
 */
function processCheckoutStep1_Bad(PDO $pdo, string $sessionId) {
    $pdo->beginTransaction();
    try {
        // This locks the row for the duration of the transaction
        $stmt = $pdo->prepare("SELECT * FROM checkout_sessions WHERE session_id = :session_id FOR UPDATE");
        $stmt->execute([':session_id' => $sessionId]);
        $session = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$session) {
            throw new Exception("Session not found");
        }

        // ... perform updates on $session data ...
        $newStatus = 'processing';
        $stmt = $pdo->prepare("UPDATE checkout_sessions SET status = :status, updated_at = NOW() WHERE session_id = :session_id");
        $stmt->execute([':status' => $newStatus, ':session_id' => $sessionId]);

        $pdo->commit();
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
}

/**
 * Improved Logic: Minimize Lock Scope
 * Assumes session data can be fetched without a lock, and only the final update locks.
 * This is only safe if intermediate steps do NOT modify the session data being read.
 */
function processCheckoutStep1_Better(PDO $pdo, string $sessionId) {
    $pdo->beginTransaction();
    try {
        // Read session data without locking initially
        $stmt = $pdo->prepare("SELECT * FROM checkout_sessions WHERE session_id = :session_id");
        $stmt->execute([':session_id' => $sessionId]);
        $session = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$session) {
            throw new Exception("Session not found");
        }

        // ... perform calculations or read-only operations based on $session data ...
        // If these operations *modify* the session data, you still need a lock.
        // If they are purely read/compute, proceed.

        // Now, acquire lock ONLY for the final update
        $stmt = $pdo->prepare("SELECT * FROM checkout_sessions WHERE session_id = :session_id FOR UPDATE");
        $stmt->execute([':session_id' => $sessionId]);
        // We don't necessarily need to fetch again if we trust the data hasn't changed
        // or if we are just confirming existence before update.
        // If we need to re-read updated values, fetch here.

        // Perform the actual update
        $newStatus = 'processing';
        $stmt = $pdo->prepare("UPDATE checkout_sessions SET status = :status, updated_at = NOW() WHERE session_id = :session_id");
        $stmt->execute([':status' => $newStatus, ':session_id' => $sessionId]);

        $pdo->commit();
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
}

/**
 * Alternative: Optimistic Locking (if applicable)
 * Requires adding a 'version' column to checkout_sessions table.
 */
function processCheckoutStep1_Optimistic(PDO $pdo, string $sessionId, int $expectedVersion) {
    $pdo->beginTransaction();
    try {
        $newStatus = 'processing';
        $stmt = $pdo->prepare("
            UPDATE checkout_sessions
            SET status = :status, updated_at = NOW(), version = version + 1
            WHERE session_id = :session_id AND version = :expected_version
        ");
        $stmt->execute([
            ':status' => $newStatus,
            ':session_id' => $sessionId,
            ':expected_version' => $expectedVersion
        ]);

        if ($stmt->rowCount() === 0) {
            // Row was not updated, likely due to version mismatch or session not found
            // Could be a concurrent update or session expired. Fetch to diagnose.
            $checkStmt = $pdo->prepare("SELECT version, status FROM checkout_sessions WHERE session_id = :session_id");
            $checkStmt->execute([':session_id' => $sessionId]);
            $currentRow = $checkStmt->fetch(PDO::FETCH_ASSOC);

            if (!$currentRow) {
                throw new Exception("Session not found or already processed.");
            } elseif ($currentRow['version'] != $expectedVersion) {
                throw new Exception("Concurrent modification detected. Please try again.");
            } else {
                // Should not happen if logic is correct, but for safety
                throw new Exception("Unknown update error.");
            }
        }

        $pdo->commit();
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
}

The `processCheckoutStep1_Better` function attempts to reduce the lock duration by fetching data without a lock first, performing read-only operations, and then acquiring the lock only for the final `UPDATE`. The `processCheckoutStep1_Optimistic` function demonstrates using a version column, which completely avoids row-level locks for updates, relying on the application to retry if a conflict occurs.

Infrastructure Considerations on OVH

OVH’s infrastructure, while robust, has specific characteristics that can influence performance under extreme load. Understanding your specific OVH product (e.g., Public Cloud instances, Dedicated Servers, Managed Databases) is key.

Database Instance Sizing and Configuration

Ensure your database instances are adequately provisioned. During flash sales, I/O operations and CPU usage on the database server will spike. Monitor metrics like:

  • CPU Utilization (especially for the database process)
  • Disk I/O (IOPS, latency, queue depth)
  • Network Throughput
  • Memory Usage (for buffer pools, caches)
  • Database-specific metrics (e.g., MySQL’s `Threads_connected`, `Threads_running`, InnoDB buffer pool hit rate; PostgreSQL’s `pg_stat_activity` active connections, cache hit ratios).

If using OVH Managed Databases, leverage their performance monitoring tools. If on Public Cloud instances, use tools like `htop`, `iotop`, `iostat`, and cloud provider monitoring dashboards. Consider scaling up your database instance type or adding read replicas if read contention is also an issue (though less likely to cause checkout *locking* issues directly).

Network Latency

The geographical location of your application servers relative to your database servers on OVH can introduce latency. High latency increases the time locks are held and the time it takes for transactions to complete, exacerbating contention. Ensure your application and database reside in the same OVH region and availability zone if possible. For dedicated servers, ensure your network configuration is optimized.

Load Balancer Configuration (HAProxy/Nginx)

While not directly causing database locks, an improperly configured load balancer can contribute to overwhelming your application servers, which in turn flood the database. Ensure your load balancer is:

  • Correctly configured for health checks to remove unhealthy application instances quickly.
  • Using appropriate balancing algorithms (e.g., least connections) for dynamic workloads.
  • Not introducing excessive connection overhead or SSL termination bottlenecks.

Example HAProxy Configuration Snippet:

frontend http_frontend
    bind *:80
    mode http
    default_backend app_servers

backend app_servers
    mode http
    balance leastconn
    option httpchk GET /healthz
    server app1 192.168.1.10:80 check
    server app2 192.168.1.11:80 check
    server app3 192.168.1.12:80 check

Proactive Monitoring and Alerting

Implement robust monitoring *before* the event. Key metrics to alert on include:

  • Database connection count (approaching max_connections)
  • Database CPU/IO utilization (sustained high levels)
  • Application error rates (especially 5xx errors related to database timeouts/deadlocks)
  • Slow query log volume/frequency
  • Lock wait times (if your database provides this metric directly or via logs)

Setting up alerts for these conditions allows for early intervention, potentially before the situation escalates to a complete checkout failure for a significant portion of users.

Recent Posts

Top Categories

Our Products

Our Services