Race Condition: Shared temp file in batch_predict() causes incorrect gaze predictions

[midaa1]

Bug Description

In app/routes/session.py:165, all concurrent batch_predict() requests write to the exact same file temp_batch_predict.csv:

predict_csv_path = base_path / "temp_batch_predict.csv"

If two or more requests arrive simultaneously, they overwrite each other's data, causing incorrect or corrupted gaze predictions for one or both users.

Severity

HIGH — This silently produces wrong results in production whenever concurrent requests occur.

Steps to Reproduce

1. Send two POST /batch_predict requests at the same time with different iris_tracking_data
2. Both requests write to temp_batch_predict.csv concurrently
3. One request reads the other's data, producing incorrect predictions

Expected Behavior

Each request should use its own isolated temporary file so concurrent requests never interfere with each other.

Proposed Fix

1. Use uuid4 to generate a unique filename per request: temp_batch_predict_{uuid}.csv
2. Clean up the temp file with os.remove() after prediction completes to prevent disk space leaks (related to CSV cleanup concern)

[BHUVANA-SANKU24]

Hi! I worked on improving the batch_predict race condition issue.

Instead of using UUID-based temporary files, I removed file-based processing entirely and refactored the pipeline to use in-memory DataFrames. This eliminates the race condition at its root and avoids filesystem overhead.

I’ve tested it locally and verified correct predictions via the API. I’ll be opening a PR shortly — would love feedback!