Support durable authentication sessions
Bug #1753565 reported by
Jeff Godin
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
Currently, Evergreen authentication sessions are stored only in memcached, and are subject to being lost on memcached restart, failure, eviction or change in server list[1].
There would be advantages in supporting (even optionally) a durable session store where authentication sessions could live, while continuing to use memcached as a cache for those sessions.
A cache miss on a memcached GET for oils_auth_[token] would then result in a session being retrieved and cached. A negative retrieval result could also be cached, to avoid multiple "costly" retrieval attempts for an invalid session.
[1]: In theory. We may not have any sites using memcached server lists with >1 members.
tags: | added: authentication |
To post a comment you must log in.
I can confirm sites exist with multiple memcache servers. Even for sites that only have 1 server, being able to perform maintenance on a cache server without having to bring the ILS down would be nice to have.