limit session size

Bug #1843199 reported by Paul Collins
This bug affects 1 person
Affects: Canonical SSO provider
Status: Fix Released
Importance: Undecided
Assigned to: Maximiliano Bertacchini
Milestone: (none)

Bug Description

On Friday SSO experienced an outage due to space exhaustion on the database servers: https://wiki.canonical.com/IncidentReports/2019-09-06-SSO-Down

This was caused by a Web spider initiating and not completing logins in a short space of time, similar to LP:1779269. However, this occurred in such a short amount of time that the 24h threshold was not reached.

Paul Collins (pjdc) wrote:

As a workaround, we added the following constraint:

ALTER TABLE django_session ADD CONSTRAINT pjdc_wgrant_cowboy_no_large_sessions CHECK (length(session_data) < 2000000) NOT VALID;

This can probably be removed once a code fix is live.

Changed in canonical-identity-provider:
status: New → In Progress
assignee: nobody → Maximiliano Bertacchini (maxiberta)
Changed in canonical-identity-provider:
status: In Progress → Fix Committed
Maximiliano Bertacchini (maxiberta) wrote:

The number of openid tokens per session is now limited to 10 max (configurable via charm's `openid_token_limit` option).
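As an added example (not code from the canonical-identity-provider project or from either commenter), the following shows how a per-session cap on OpenID tokens, in the spirit of the `openid_token_limit` option described above, bounds the growth that the workaround's CHECK constraint guards against on the database side. The dict-based session, the `openid_tokens` key, the JSON serialization and the `simulate_spider` helper are assumptions for illustration; Django's real session machinery differs.

```python
"""Added example (not code from the canonical-identity-provider project):
a per-session cap on stored OpenID tokens plus a serialized-size guard.

Assumptions (hypothetical, not from the bug report): the session is a plain
dict, in-flight tokens are stored under the key "openid_tokens" as an ordered
mapping, and the session is serialized to JSON before being written to the
database.
"""
import json
from collections import OrderedDict

OPENID_TOKEN_LIMIT = 10          # the value the fix comment gives for openid_token_limit
MAX_SESSION_BYTES = 2_000_000    # the bound used by the workaround's CHECK constraint


class SessionTooLarge(Exception):
    """Raised when a session would exceed the storage-side size limit."""


def add_openid_token(session, token_id, token_data, limit=OPENID_TOKEN_LIMIT):
    """Record an in-flight OpenID token, evicting the oldest when over the cap.

    Every login that is started but never completed leaves a token behind;
    without a cap, a client that starts many logins inflates session_data
    without bound, which is the growth pattern the incident describes.
    """
    tokens = session.setdefault("openid_tokens", OrderedDict())
    tokens[token_id] = token_data
    while len(tokens) > limit:
        tokens.popitem(last=False)   # FIFO: drop the oldest unfinished login
    return len(tokens)


def serialize_session(session, max_bytes=MAX_SESSION_BYTES):
    """Serialize the session and refuse to persist an oversized one.

    This is the application-side counterpart of the database CHECK constraint
    quoted above: failing here is cheaper than failing on INSERT/UPDATE.
    """
    data = json.dumps(session)
    if len(data) >= max_bytes:
        raise SessionTooLarge(f"session_data would be {len(data)} bytes")
    return data


def simulate_spider(attempts, limit=OPENID_TOKEN_LIMIT):
    """Start `attempts` logins in one session without completing any.

    Returns (token_count, serialized_size) so the effect of the cap is visible.
    """
    session = {}
    for i in range(attempts):
        # constructed token payload, roughly the shape of an OpenID request
        add_openid_token(
            session,
            f"token-{i}",
            {"return_to": f"https://rp.example/cb?n={i}", "mode": "checkid_setup"},
            limit=limit,
        )
    return len(session["openid_tokens"]), len(serialize_session(session))


if __name__ == "__main__":
    capped = simulate_spider(1000)
    uncapped = simulate_spider(1000, limit=10**9)
    print(f"capped: {capped[0]} tokens, {capped[1]} bytes")
    print(f"uncapped: {uncapped[0]} tokens, {uncapped[1]} bytes")
```

With the cap in place the session holds only the ten most recent unfinished logins, so its serialized size stays flat however many attempts a single client makes; the size guard remains as a backstop for any other session key that could grow.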

Changed in canonical-identity-provider:
status: Fix Committed → Fix Released