Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] global.php: clearing all guest sessions on guest with banned ip [C-Michael83]
#1
MyBB 1.4.4:
Guest sessions are disappearing after a while. I have something like "100 logged users, 3 hidden, 500 guest" and after a minute all guests are gone.

In file global.php code:
// Check banned ip addresses
if(is_banned_ip($session->ipaddress, true))
{
	$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' OR uid='{$mybb->user['uid']}'");
	error($lang->error_banned);
}
When guest with banned IP tries to access the board this SQL removes all guest sessions.

Replace with something like:
if(is_banned_ip($session->ipaddress, true))
{
	if ($mybb->user['uid'])
	{
		$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."' OR uid='{$mybb->user['uid']}'");
	}
	else
	{
		$db->delete_query("sessions", "ip='".$db->escape_string($session->ipaddress)."'");
	}
	error($lang->error_banned);
}
www.kozik.net.pl
- So... Maybe you shouldn't have hacked it.
- And why don't you try not breathing. Hurts, dunnit. (userfriendly.org)
#2
Ah, nice catch
#3
Fixing this bug exposes another problem or bug - clearing old sessions once a day is insufficient. My mybb_sessions table has 109000 records... It is big because of old sessions which should be deleted once or twice per hour (and a session is old after 15-30 minutes of inactivity).

Working with big mybb_sessions table is slow also because of:
DELETE 
			FROM mybb_sessions 
			 WHERE ip='213.158.196.101' LIMIT 1 
and mybb_sessions does not have INDEX on ip column. This query is really slow without an index so its locks mybb_sessions table (in process list I have 1 query "updating" and more then 100 "locked" - all on mybb_sessions).

So after fixing the problem described in first post (clearing all guest sessions):
- add an INDEX to column ip in mybb_sessions table;
- clear old sessions more often.
www.kozik.net.pl
- So... Maybe you shouldn't have hacked it.
- And why don't you try not breathing. Hurts, dunnit. (userfriendly.org)
#4
I don't see a problem adding an index to the IP, but you should never have that many sessions in that table (ncaabbs doesn't and we have on avg ~500 users online at any time) and it should be in memory if it's that big.
#5
(02-16-2009, 04:12 AM)Ryan Gordon Wrote: you should never have that many sessions in that table (ncaabbs doesn't and we have on avg ~500 users online at any time) and it should be in memory if it's that big.
But I have. Why? Because I have really many visits from Google (many new users = many new sessions). I have online from 700 (morning) to 2500 (evening) users (guest+registered) and about 1,2 million real users per month (audited data from polish stats company). This means that I have many new sessions. After fixing this bug it took only 1 day to grow mybb_sessions to 100000 records.

I added a task (half-hour):
function task_pcf_sessions_cleanup($task)
{
        global $db;

        // Clear out sessions older than 15 minutes, 15*60=900
        $cut = TIME_NOW-900;
        $db->delete_query("sessions", "time < '{$cut}'");

        add_task_log($task, $lang->task_pcf_sessions_cleanup);
}
and (with index on ip column) it solves my problems.
www.kozik.net.pl
- So... Maybe you shouldn't have hacked it.
- And why don't you try not breathing. Hurts, dunnit. (userfriendly.org)
#6
This user has been denied support. This user has been denied support.
When does MyBB create a session in the database and how does it re-identify the users? If it's cookies then I guess anything that doesn't use cookies would create phantom sessions with every request?
#7
Clearing guest sessions more often sounds feasible - clearing all sessions (ie including users) would affect the Online Today function (heh, Who's Online Today on Index page plugins are going to take a hit though).
#8
(02-16-2009, 08:33 AM)frostschutz Wrote: When does MyBB create a session in the database and how does it re-identify the users? If it's cookies then I guess anything that doesn't use cookies would create phantom sessions with every request?
Yes, MyBB uses cookies. There are not many visitors with cookies disabled on my site (about 2-5%), but the phantom effect is possible.

(02-16-2009, 08:39 AM)Yumi Wrote: Clearing guest sessions more often sounds feasible - clearing all sessions (ie including users) would affect the Online Today function (heh, Who's Online Today on Index page plugins are going to take a hit though).
"Online today" takes data from mybb_users.lastactive. I checked it on my board - it is functioning properly.
www.kozik.net.pl
- So... Maybe you shouldn't have hacked it.
- And why don't you try not breathing. Hurts, dunnit. (userfriendly.org)
#9
^ Hmm, you're right about that - my memory's failing me >_> Sorry.
#10
(02-15-2009, 02:16 PM)koziolek Wrote: Fixing this bug exposes another problem or bug - clearing old sessions once a day is insufficient. My mybb_sessions table has 109000 records... It is big because of old sessions which should be deleted once or twice per hour (and a session is old after 15-30 minutes of inactivity).

Working with big mybb_sessions table is slow also because of:
DELETE 
			FROM mybb_sessions 
			 WHERE ip='213.158.196.101' LIMIT 1 
and mybb_sessions does not have INDEX on ip column. This query is really slow without an index so its locks mybb_sessions table (in process list I have 1 query "updating" and more then 100 "locked" - all on mybb_sessions).

So after fixing the problem described in first post (clearing all guest sessions):
- add an INDEX to column ip in mybb_sessions table;
- clear old sessions more often.

(02-16-2009, 08:13 AM)koziolek Wrote:
(02-16-2009, 04:12 AM)Ryan Gordon Wrote: you should never have that many sessions in that table (ncaabbs doesn't and we have on avg ~500 users online at any time) and it should be in memory if it's that big.
But I have. Why? Because I have really many visits from Google (many new users = many new sessions). I have online from 700 (morning) to 2500 (evening) users (guest+registered) and about 1,2 million real users per month (audited data from polish stats company). This means that I have many new sessions. After fixing this bug it took only 1 day to grow mybb_sessions to 100000 records.

I added a task (half-hour):
function task_pcf_sessions_cleanup($task)
{
        global $db;

        // Clear out sessions older than 15 minutes, 15*60=900
        $cut = TIME_NOW-900;
        $db->delete_query("sessions", "time < '{$cut}'");

        add_task_log($task, $lang->task_pcf_sessions_cleanup);
}
and (with index on ip column) it solves my problems.

So can we accept this solution?

(if so, the clearing task should be based on the setting)
Creativity is a drug I cannot live without.
[Image: 1]Support PM will be ignored


Forum Jump:


Users browsing this thread: 1 Guest(s)