Comment 15 for bug 1036318

Jeff Godin (jgodin) wrote :

Looking at a recent report of this on a 2.2 system, the staff user logs in around 9 AM, is active until early afternoon, then in the later afternoon after a few hours of inactivity, the staff client presents the auth token it received earlier that morning, and the session is not found in memcached.

In the staff client, activity was taking place mostly in the Item Status interface, and the staff member received the usual prompt to re-authenticate.

The period of inactive time in the above example was shorter than the value of Staff Login Inactivity Timeout.

From the data available to me at present, this seems like memcached eviction due to memory exhaustion within the slab for items of this size.

On the staff client side of things, a re-auth works as expected. TPAC may need to be taught how to re-auth for staff, as other comments have suggested.

The long-term solution may be database-backed sessions, where memcached is used for caching but where an evicted session key may fall back to the (slower) database lookup to refresh the cache.