Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-70687

Redis session lock expiration should default shorter than session timeout

    XMLWordPrintable

    Details

      Description

      Currently the redis session lock expiration defaults to the session timeout. The session timeout is typically multiple hours.

      If a problem leads to a redis session lock not getting released properly, any subsequent request by a user in that session will wait to acquire the lock and eventually fail. The only way for the user to recover is to either delete their cookies or to wait several hours until the session times out.

      A reasonable session lock expiration is the maximum time a PHP request can be processed for. After this time expires without the lock being released it's clear that the php process must have ended without releasing it (there is potential for some system time not being counted, so to be on the safe side one could increase the default a bit over this minimum). Waiting any longer just causes more errors and problems for the users, so is not advisable.

      So this patch changes the default for session lock expiration in redis to the PHP max execution time. It can still be overwritten through $CFG->session_redis_lock_expire 

      I found the problem on 3.9.4 but it's still an issue on master.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            naderman Nils Adermann
            Peer reviewer:
            Jordi Pujol-Ahulló
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan, Matteo Scaramuccia, Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            12 Vote for this issue
            Watchers:
            14 Start watching this issue

              Dates

              Created:
              Updated: