Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-70005

Create read-only sessions for unauthenticated users

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.9.2
    • Fix Version/s: None
    • Component/s: Performance
    • Labels:
      None
    • Affected Branches:
      MOODLE_39_STABLE

      Description

      We are hosting a rather big Moodle instance and are seeing a lot of trafic these days due to COVID and schooling from home. Apart from legit traffic, there are also various attacks on the service, which in some cases, can introduce downtime / slowness of the service for most of the users.

      Our site allows access to some parts of moodle without login (not even guest mode is needed) due to historic reasons and when we get an attack, this renders the service unavailable due to apache/php-fpm workers exhaustion as all requests are waiting for session locks (they are in session_lock() function most of the time. Some get processes and some get timed out).

      Would it make sense to use read-only sessions in cases where users are not logged in and not guests, something in the line of:

      lib/classes/session/manager.php
       
              if (!isloggedin() || isguestuser()) {
                  $requireslock = !READ_ONLY_SESSION;
              } else if (defined('READ_ONLY_SESSION') && !empty($CFG->enable_read_only_sessions)) {
                  $requireslock = !READ_ONLY_SESSION;
              } else {
                  $requireslock = true; // For backwards compatibility, we default to assuming that a lock is needed.
              }
      

      Would this work or would this explode in some way? I'm not too familiar with Moodle code and web app development, so I'm probably overlooking things.

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            matejz Matej Zerovnik
            Participants:
            Component watchers:
            Matteo Scaramuccia, Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: