[1.7.5] session table 'leak' problem in index.php

Development-related discussion, including bundled plugins
troyengel
Bear Rating Trainee
Bear Rating Trainee
Posts: 18
Joined: 23 Mar 2013, 19:39

[1.7.5] session table 'leak' problem in index.php

Postby troyengel » 28 Mar 2013, 05:55

Hi all, been running tt-rss for about a week now and have had MySQL's slow-query logging enabled. A bunch of slow queries started showing up for inserts into the ttrss_sessions tables so I investigated (this is running on a 512mb cloud server so I started seeing swap use unexpectedly). The problem is that when *anything* at all hits index.php it includes session.php; session.php starts up a session no matter what but with a callback function set.

Code: Select all

        if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
                session_set_save_handler("ttrss_open",
                        "ttrss_close", "ttrss_read", "ttrss_write",
                        "ttrss_destroy", "ttrss_gc");
        }

        session_set_cookie_params(SESSION_COOKIE_LIFETIME);

        if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
                @session_start();
        }


Two problems here - 1, the ttrss_destroy function is *only* ever called as part of the logout() code, and ttrss_gc is only called with a 50% probability that - using the default values in config.php-dist - will be over 30 days old ((86400*30)/60/60/24). I have both a cloud load balancer *and* monitoring on the cloud instance that hit index.php repeatedly and frequently (as expected) for health status. After awhile you end up looking like this:

Code: Select all

mysql> select count(*) from ttrss.ttrss_sessions;
+----------+
| count(*) |
+----------+
|   128419 |
+----------+
1 row in set (0.03 sec)

mysql> select count(*) from ttrss.ttrss_sessions;
+----------+
| count(*) |
+----------+
|   128420 |
+----------+
1 row in set (0.02 sec)


Those samples were taken ~5secs apart, so let's say I'm gaining no less than 12 per minute - in 7 days that's about 120960 -- mine are higher because I have both a load balancer and monitoring checking it, and just implemented those this past weekend. At this rate I'm gonna have a bajillion and one sessions in that table in not too long.

So, we have a problem - I don't have a quick patch ready but in general the index.php should *not* initiate a session until the user tries to log in (or possibly... institute a garbage collection in index.php outside of the ttrss_gc() callback?). A number of solutions present themselves here, up to fox how he wants to handle it...

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: [1.7.5] session table 'leak' problem in index.php

Postby fox » 28 Mar 2013, 07:58

I guess we can start a session when sid cookie exists or when logged in, that should probably solve this.

https://github.com/gothfox/Tiny-Tiny-RS ... 87a87139dd

troyengel
Bear Rating Trainee
Bear Rating Trainee
Posts: 18
Joined: 23 Mar 2013, 19:39

Re: [1.7.5] session table 'leak' problem in index.php

Postby troyengel » 28 Mar 2013, 18:50

Patches confirmed working. I truncated the ttrss_sessions table then watched the sessions in realtime as my monitoring, load balancer health checks and actual real session we used via:

Code: Select all

# watch -n 2 'mysql -e "select count(*) from ttrss.ttrss_sessions;"'


Sessions remained at 0 until I logged in. Count increased to 1, then reverted to 0 when I logged out. Thanks!!


Return to “Development”

Who is online

Users browsing this forum: No registered users and 12 guests