From: Thomas W. <tw...@un...> - 2006-01-25 08:13:08
|
Hi Jonathan, Jonathan Angliss schrieb: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Thomas, > On Tuesday, January 24, 2006, Thomas wrote: >> I've been spending some time now to investigate the "You must be >> logged in to access this page"-bug, which seems to hit us once in a >> few hundred logins. > > Loss of cookies? Session expired? There are some people I know personally that just can't login. I looked over their setup and it looks fine, i.e. cookies enabled and everything. The session just gets miraculously killed (right after login, when the frameset loads). [...] > >> I now wrote a custom session handler for PHP, which stores all >> session information in a MySQL database. Since proper locking is >> done in MySQL, concurrent access shouldn't be a problem anymore. >> It's already in production use here and seems to run fine (~15.000 >> users), but we hadn't had it running long enough to tell if it >> really solves the problem. > > Having a quick look over it, not tested yet, though it certainly looks > interesting. I've noticed one or two things you might want to > consider... > [lots of suggestions] That's right, this code is nowhere finished, I just wanted to test if it works in principle. It's already more polished at our site. One thing to cut down the write function for example would be to use an INSERT INTO ... ON DUPLICATE KEY UPDATE, but this would be MySQL specific. You wouldn't need to do the locking yourself, too. It's 15k users in total btw., with around 500 simultaneously logged in at any time. > > Looks good otherwise. I might give it a bash and try some load > testing. > > What kind of setup do you have to support your users? IMAP Server? > Clusters? We have a multi-machine Cyrus Cluster with Imapproxy (to get some load off of it). Thanks for giving it a try! Tom |