Possible Race-Condition when Two Contacts Share Same Forum with each other
What happens if Alice and Bob invite each other to the forum, then some time later both their invitations are delivered? It seems to me that each of them will consult
canBeShared()
for the incoming invitation, see that they've sent an invitation, and delete the incoming invitation. Does that sound right to you? Does that mean neither of them will receive the other's invitation?
Yes, their invitations are most likely deleted without any indication to them.
Regardless of the answer to this specific question, I think you're right to be concerned about treating symptoms rather than causes. Unfortunately I think the problem might be quite fundamental. We're trying to keep the state of the forum (are we subscribed, is it visible to the contact) consistent with the state of each session - but there can be multiple sessions relating to a given forum. Can we be sure that those sessions will always produce consistent answers to (a) whether we belong to the forum, and (b) whether the contact belongs to it?
The message queue ensures that our messages are delivered to the contact in order and vice versa, but if we want to be sure that a given set of messages always produces the same state, we need a canonical ordering for all the messages: ours and the contact's. Within each session, we can use knowledge of the protocol to order certain messages (for example, a response must follow an invitation), but I'm not sure we can do that across multiple sessions in the general case.