WP-CRON uses a "run at least once" model - you need to account for this in your code. In our Social plugin we implemented a semaphore to handle the queue of things we needed to do *only once*, but that could take longer than the PHP timeout (multiple API calls).

Feel free to learn from/borrow that code:

https://github.com/crowdfavorite/wp-social

Cheers,
--Alex

http://alexking.org | http://crowdfavorite.com

Hi Alex,

Thank you... it's nice... a note for people finding this in Google: from
my reading and testing, I learned that your code is designed not so much
to only do the job only once, but to make sure that it can only do it
once *at the same time* (i.e. no concurrent runs). Successive runs were
possible, if the task was short-running enough and released the lock
early enough. (Which is not likely to happen with my example of a backup
job, but could happen with my other example of aggregating and
amalgamating statistics). I suppose that if that's likely to be a
problem, then the task could impose an arbitrary minimum time before
releasing the lock.

Again, for others - the relevant part of the code in the plugin that
Alex pointed to is in lib/social/semaphore.php. The simplest use case is
then this (though of course you'd want to rename the class to avoid
collisions):

$semaphore = Social_Semaphore::factory();
if ($semaphore->lock()) {
do_something();
sleep(5); # Perhaps - but it'd be more sophisticated to time
yourself and only sleep as much as needed
$semaphore->unlock();
}

David

Why are you hitting the wp-cron.php file directly? WordPress doesn't
do that normally.

WordPress normally sets the doing_wp_cron transient with the current
time(), then calls wp-cron.php?doing_wp_cron=time. This is a locking
mechanism to prevent the subsequent calls after that from running.

This is not *perfect*, but it is pretty good and prevents most of the
problem you're describing. If you're calling wp-cron.php directly,
you're bypassing this mechanism, and the delay you've added to the
database will cause the locking mechanism to take longer, causing the
race issues.

-Otto

Hi Otto,

Thanks... I was aware of that; the reason I was hitting wp-cron.php
directly in the tests I mentioned in my early mail was for two reasons:
1) On my reading of the code, wp-cron.php tries to apply the same lock
(the section beginning with the comment "// Use global $doing_wp_cron
lock otherwise use the GET lock. If no lock, trying grabbing a new
lock."). 2) In my tests, going indirectly (hitting the site's home page)
had the same effect - i.e. the action would still consistently run
multiple times due to raciness. It was just slightly less racy, but I
surmised that that was due to a side-effect of timing due to the extra
HTTP round-trip, rather than due to any extra locking taking place
(which I surmised because of 1) - I can't see any extra locking take
place - only a difference as to the timing of *when* the locking takes
place).

David

I just wanted to point out, that doing this bypasses the major component of
WP Cron which attempts to allow things to only run once.. doing so you'll
almost be guaranteed to have duplicate events fired.

When WordPress fires off the cron, it creates a locking transient (which
should be pretty reliable when using an external object cache, not awesome,
but still pretty good, when not) which is based on microtime(true) which
includes microseconds: 1379596515.2753798961639404296875
The request is then made via
wp-cron.php?doing_wp_cron=1379596515.2753798961639404296875. If the GET arg
doesn't match exactly what's in the transient, that request doesn't perform
any operations.

In the past (pre-3.6 I believe?), the transient was based on time(), so any
requests made within a 1second timeframe would trigger duplicate cron
tasks.

It's definitely not foolproof, but it's pretty much as locking-as-possible
that WordPress can achieve in a shared hosting environment at present..
anything that absolutely requires only one process to be running at a time
should definately add something of their own if they don't trust core's
ability.

It should also be noted, that if you have a long-running job (like some
backup plugins), and you have a server where someone triggers wp-cron.php
manually with a real cron every 1/2/5minutes, then you'll most likely get
duplicate events running.. simply because your event is only de-queued
AFTER it's run, so if it takes 5 minutes to run, and another request it
made 2 minutes into that window, you'll get two jobs

If you want to test WordPress's cron locks out, instead of using the above
code, do something like this in a stand alone script instead:
<?php include 'wp-load.php'; while(true) { spawn_cron(); } ?>

Hi Dion,

Thanks for the feedback... I mentioned before a couple of things:

1) My motivation is to torture-test the worst-case scenarios, because
they are what generate support requests. A significant number (i.e.
significant enough to generate a flow of support requests, once you have
5,000 new installs a week) of hosting companies disable this mechanism
(in part, through disabling loopback HTTP connections), and instruct
their users to call wp-cron.php directly (via a scheduler in their
control panel). (I know that's "non-optimal". I know about
ALTERNATE_WP_CRON - as I say, I'm trying to deal with what users are
doing and likely to keep on doing, not what they ought to do).

2) I said before to Otto that from my reading of the code in
wp-cron.php, there's also an attempt to apply the same locking mechanism
you describe above in there. The only difference is that the loopback
HTTP introduces a slightly random timing delay, which fortuitously gives
the time delay needed for the locking mechanism to work - i.e. the
effect is a side-effect of the method,rather than procured directly by
it. Am I reading that wrong?
If you need to *rely* upon an action running twice, then surely you
should just schedule two actions? Note that I wasn't suggesting locking
at the *individual action* level but at the *cron queue processor* level.

Best wishes,
David

I've read through the code a lot to try to understand this, but I
don't... can you give me a clue?

1) "random url value" - where is this? I can't see any random element
being added in the code, or in my web logs. I just see:

POST /wp-cron.php?doing_wp_cron=(microtime)

2) I also don't see how locking "for the DURATION of the cronjob" is
happening. The lock is applied via the transient 'doing_cron'; but I see
nothing in wp-includes/cron.php that is stopping that transient being
over-written once WP_CRON_LOCK_TIMEOUT seconds have passed, and nothing
that continuously updates it whilst the cron job progresses. I see these
lines of code, in which the comment seems to say that this is where it
is done:

// don't run if another process is currently running it or more
than once every 60 sec.
if ( $lock + WP_CRON_LOCK_TIMEOUT > $gmt_time )
return;

The comment says "don't run if another process is currently running" -
but I don't see the connection between the comment and the code; the
code only seems to do "don't run if ... more than once every 60
(WP_CRON_LOCK_TIMEOUT) sec".

What am I missing?

David