keyserver/src/creators/olm-session-creator.js
66 ↗	(On Diff #35100)	We can't safely separate updating and storing an Olm session due to the potential for a race between two calls that are both trying to update the Olm session. For that reason we have `fetchCallUpdateOlmAccount` and `encryptAndUpdateOlmSession`, which use MariaDB transactions to protect against the race conditions. We don't need that sort of approach for persisting a brand new Olm session. But it's concerning to see you export `storeOlmSession` here... it seems like it has the potential for misuse. Maybe we can rename it to `storeFreshOlmSession`? Separately, wonder if "persist" makes more sense than "store". I don't feel strongly here... curious for @marcin's perspective.

I outlined one concern that I have about this differential and suggested a solution. I don't have enough context about the entire goal to decide if it is serious issue so I leave that up the the author.

keyserver/src/creators/olm-session-creator.js
66 ↗	(On Diff #35100)	`persistOlmSession` sounds best for me as a name for this method. The issue that I see with this diff is that `createOlmSession` persists changes made to olm account in the database while changes done due to the session creation are not persisted immediately.. Our database has an entry associated with olm account that indicates that a session was created but there is no entry with the actual session. This means that our database is in incorrect state for a while until `persistOlmSession` is called. On the other hand I am not sure if it creates a foundation for some serious issues. Actually I can't think of any bad scenario that could happen here. As far as I am concerned creating a session indeed removes one time key from an account. So theoretically if we create a session but the keyserver crashed before we persist it in the database we might not be able to try to create it again with the same initialEncryptedMessage since necessary one time key was permanently removed from an account. If the scenario I described above is a serious concern then here is what I would do: `createOlmSession` doesn't update database but returns olm session, old olm account and updated olm account in memory. `persistOlmAccount` takes pickled old olm account, pickled updated olm account and pickled olm session as arguments, then fetches pickled olm account from the database and if it matches the old pickled olm account passed as an argument then we update everything in the database at once.

This revision is now accepted and ready to land.Jan 2 2024, 6:25 AM

varun added inline comments.Jan 5 2024, 9:57 PM

keyserver/src/creators/olm-session-creator.js
66 ↗	(On Diff #35100)	in `storeOlmSession` we match the native client behavior of overwriting the olm session if we've already initialized one for the same pair of identities. @marcin i don't think the concern you've outlined is that serious. The client can try to auth with a new `initialEncryptedMessage` if the keyserver crashes between creating and persisting the olm session. @ashoat does that sound reasonable? am i missing something?

varun added inline comments.Jan 5 2024, 9:58 PM

keyserver/src/creators/olm-session-creator.js
66 ↗	(On Diff #35100)	settled on `persistFreshOlmSession` and `createAndPersistOlmSession` btw

ashoat added inline comments.Jan 6 2024, 6:03 AM

keyserver/src/creators/olm-session-creator.js
66 ↗	(On Diff #35100)	Yeah this sounds reasonable. It looks like making sure the client retry generates a new `initialEncryptedMessage` is outside the scope of your diff stack, and likely part of Tomek's connection handlers project. Can you try to document this requirement on Linear somewhere for him? Maybe here