The default bug view has changed. See this FAQ.

don't create a new session for every authenticated REST/BzAPI call

RESOLVED FIXED

Status

()

bugzilla.mozilla.org
API
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: glob, Assigned: glob)

Tracking

Production

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

2 years ago
currently every authenticated request made to a REST or BzAPI endpoint results in a new session (ie. a row in the logincookies table).

some heavy api users have a significant number of login-cookies, with first place awarded to a user with 137,000 sessions.

this is somewhat excessive.


with the exception of calls to User.login we shouldn't persist REST session requests.
(Assignee)

Comment 1

2 years ago
Created attachment 8649153 [details] [diff] [review]
1195645_1.patch
Attachment #8649153 - Flags: review?(dylan)
(Assignee)

Comment 2

2 years ago
Created attachment 8650587 [details] [diff] [review]
1195645_2.patch

- use a separate var 'dont_persist_session' instead of stealing auth_no_automatic_login
Attachment #8649153 - Attachment is obsolete: true
Attachment #8649153 - Flags: review?(dylan)
Attachment #8650587 - Flags: review?(dylan)
Comment on attachment 8650587 [details] [diff] [review]
1195645_2.patch

Review of attachment 8650587 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan

we'll want to do this for JSONRPC and XMLRPC, but this is a good stopgap.
Attachment #8650587 - Flags: review?(dylan) → review+
(Assignee)

Updated

2 years ago
Blocks: 1197061
(Assignee)

Comment 4

2 years ago
> we'll want to do this for JSONRPC and XMLRPC, but this is a good stopgap.

filed as bug 1197061.

To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   667ecc3..ca96913  master -> master
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.