Flood of open-ils.actor.user.has_work_perm_at.batch requests for VIEW_USER with null authtoken
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Evergreen | Fix Released | High | Unassigned |
3.8 | Fix Released | High | Unassigned |
3.9 | Fix Released | High | Unassigned |
Bug Description
EG 3.9
We've had several incidents where our servers suddenly start receiving an overwhelming number of these requests from the staff client:
open-ils.actor open-ils.
In one case, the volume of requests was large enough to knock out the open-ils.actor service.
Circumstantial evidence suggests that these requests happen when the staff client is left open and the session eventually times out. In one instance, when we saw this happen overnight, the only client activity at the time was a redirect to the login page from an IP that hadn't been active since the previous afternoon.
We didn't experience this issue on EG 3.7. I suspect it was introduced by changes made to Open-ILS/
Changed in evergreen: importance: Undecided → High
Changed in evergreen: assignee: nobody → Chris Sharp (chrissharp123)
Changed in evergreen: status: Fix Committed → Fix Released
See also bug 1940698, another bug where session timeout can lead to request spamming.