MyBB

koziolek · 02-13-2009, 08:14 AM

MyBB 1.4.4:
Guest sessions are disappearing after a while. I have something like "100 logged users, 3 hidden, 500 guest" and after a minute all guests are gone.

In file global.php code:

PHP Code:

// Check banned ip addresses
if(is_banned_ip($session->ipaddress, true))
{
    $db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' OR uid='{$mybb->user['uid']}'");
    error($lang->error_banned);
} 

When guest with banned IP tries to access the board this SQL removes all guest sessions.

Replace with something like:

PHP Code:

if(is_banned_ip($session->ipaddress, true))
{
    if ($mybb->user['uid'])
    {
        $db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' OR uid='{$mybb->user['uid']}'");
    }
    else
    {
        $db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."'");
    }
    error($lang->error_banned);
} 

Ryan Gordon · 02-13-2009, 05:22 PM

Ah, nice catch

koziolek · (This post was last modified: 02-15-2009 02:18 PM by koziolek.)

Fixing this bug exposes another problem or bug - clearing old sessions once a day is insufficient. My mybb_sessions table has 109000 records... It is big because of old sessions which should be deleted once or twice per hour (and a session is old after 15-30 minutes of inactivity).

Working with big mybb_sessions table is slow also because of:

Code:

DELETE 

            FROM mybb_sessions 

             WHERE ip='213.158.196.101' LIMIT 1

and mybb_sessions does not have INDEX on ip column. This query is really slow without an index so its locks mybb_sessions table (in process list I have 1 query "updating" and more then 100 "locked" - all on mybb_sessions).

So after fixing the problem described in first post (clearing all guest sessions):
- add an INDEX to column ip in mybb_sessions table;
- clear old sessions more often.

Ryan Gordon · 02-16-2009, 04:12 AM

I don't see a problem adding an index to the IP, but you should never have that many sessions in that table (ncaabbs doesn't and we have on avg ~500 users online at any time) and it should be in memory if it's that big.

koziolek · 02-16-2009, 08:13 AM

(02-16-2009 04:12 AM)Ryan Gordon Wrote: you should never have that many sessions in that table (ncaabbs doesn't and we have on avg ~500 users online at any time) and it should be in memory if it's that big.

But I have. Why? Because I have really many visits from Google (many new users = many new sessions). I have online from 700 (morning) to 2500 (evening) users (guest+registered) and about 1,2 million real users per month (audited data from polish stats company). This means that I have many new sessions. After fixing this bug it took only 1 day to grow mybb_sessions to 100000 records.

I added a task (half-hour):

PHP Code:

function task_pcf_sessions_cleanup($task)
{
        global $db;

        // Clear out sessions older than 15 minutes, 15*60=900
        $cut = TIME_NOW-900;
        $db->delete_query("sessions", "time < '{$cut}'");

        add_task_log($task, $lang->task_pcf_sessions_cleanup);
} 

and (with index on `ip` column) it solves my problems.

frostschutz · 02-16-2009, 08:33 AM

When does MyBB create a session in the database and how does it re-identify the users? If it's cookies then I guess anything that doesn't use cookies would create phantom sessions with every request?

Yumi · 02-16-2009, 08:39 AM

Clearing guest sessions more often sounds feasible - clearing all sessions (ie including users) would affect the Online Today function (heh, Who's Online Today on Index page plugins are going to take a hit though).

koziolek · (This post was last modified: 02-16-2009 08:48 AM by koziolek.)

(02-16-2009 08:33 AM)frostschutz Wrote: When does MyBB create a session in the database and how does it re-identify the users? If it's cookies then I guess anything that doesn't use cookies would create phantom sessions with every request?

Yes, MyBB uses cookies. There are not many visitors with cookies disabled on my site (about 2-5%), but the phantom effect is possible.

(02-16-2009 08:39 AM)Yumi Wrote: Clearing guest sessions more often sounds feasible - clearing all sessions (ie including users) would affect the Online Today function (heh, Who's Online Today on Index page plugins are going to take a hit though).

"Online today" takes data from mybb_users.lastactive. I checked it on my board - it is functioning properly.

Yumi · 02-16-2009, 08:54 AM

^ Hmm, you're right about that - my memory's failing me >_> Sorry.

dvb · 02-17-2009, 07:01 AM

(02-15-2009 02:16 PM)koziolek Wrote: Fixing this bug exposes another problem or bug - clearing old sessions once a day is insufficient. My mybb_sessions table has 109000 records... It is big because of old sessions which should be deleted once or twice per hour (and a session is old after 15-30 minutes of inactivity).

Working with big mybb_sessions table is slow also because of:

Code:

DELETE FROM mybb_sessions WHERE ip='213.158.196.101' LIMIT 1
and mybb_sessions does not have INDEX on ip column. This query is really slow without an index so its locks mybb_sessions table (in process list I have 1 query "updating" and more then 100 "locked" - all on mybb_sessions).

So after fixing the problem described in first post (clearing all guest sessions):
- add an INDEX to column ip in mybb_sessions table;
- clear old sessions more often.

(02-16-2009 08:13 AM)koziolek Wrote:
(02-16-2009 04:12 AM)Ryan Gordon Wrote: you should never have that many sessions in that table (ncaabbs doesn't and we have on avg ~500 users online at any time) and it should be in memory if it's that big.
But I have. Why? Because I have really many visits from Google (many new users = many new sessions). I have online from 700 (morning) to 2500 (evening) users (guest+registered) and about 1,2 million real users per month (audited data from polish stats company). This means that I have many new sessions. After fixing this bug it took only 1 day to grow mybb_sessions to 100000 records.

I added a task (half-hour):

PHP Code:

function task_pcf_sessions_cleanup($task) { global $db; // Clear out sessions older than 15 minutes, 15*60=900 $cut = TIME_NOW-900; $db->delete_query("sessions", "time < '{$cut}'"); add_task_log($task, $lang->task_pcf_sessions_cleanup); }
and (with index on `ip` column) it solves my problems.

So can we accept this solution?

(if so, the clearing task should be based on the setting)