Public bug reported: For the new Ajax progress bar, Bug 1352028, we changed htdocs/auth/session.php so that it closes the PHP session when not in use. This was necessary in order to allow multiple requests to the same session to process simultaneously; PHP by default locks the session between the time you call session_start() and session_write_close().
The downside to this approach, though, is that every time you call session_start(), PHP adds a new (duplicate) PHP_SESS_ID cookie to the request header. Since we open and close the session every time we call $SESSION->set() now, this can lead to a very large cookie header. On our hosting environment, these headers got too large and started causing our Nginx proxy server to throw errors while trying to initiate an MNet connection. This causes the proxy server to throw a 500 error, and to log an error like this: 2015/04/20 14:59:03 [error] 14845#0: *137093286 upstream sent too big header while reading response header from upstream, client: 2404:130:0:1000:61f4:7e47:8a26:821, server: master- mahara.catalystdemo.net.nz, request: "GET /auth/xmlrpc/land.php?token=3acfeeb7cad9814471ec5932fc293b30bbc7e387&idp=http ://mnet-moodle.testing.elearning.catalyst.net.nz&wantsurl= HTTP/1.1", upstream: "http://202.78.243.12:9226/auth/xmlrpc/land.php?token=3acfeeb7cad9814471ec5932fc293b30bbc7e387&idp=http ://mnet-moodle.testing.elearning.catalyst.net.nz&wantsurl=", host: "master-mahara.catalystdemo.net.nz" ** Affects: mahara Importance: Critical Assignee: Aaron Wells (u-aaronw) Status: Confirmed ** Affects: mahara/15.04 Importance: Critical Assignee: Aaron Wells (u-aaronw) Status: Confirmed ** Affects: mahara/15.10 Importance: Critical Assignee: Aaron Wells (u-aaronw) Status: Confirmed ** Tags: mnet session ** Also affects: mahara/15.04 Importance: High Assignee: Aaron Wells (u-aaronw) Status: Confirmed ** Also affects: mahara/15.10 Importance: Undecided Status: New ** Changed in: mahara/15.04 Importance: High => Critical ** Changed in: mahara/15.10 Importance: Undecided => Critical ** Changed in: mahara/15.10 Milestone: None => 15.10.0 ** Changed in: mahara/15.10 Assignee: (unassigned) => Aaron Wells (u-aaronw) ** Changed in: mahara/15.10 Status: New => Confirmed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1446036 Title: Session changes in Mahara 15.04 can cause excessively large response headers Status in Mahara ePortfolio: Confirmed Status in Mahara 15.04 series: Confirmed Status in Mahara 15.10 series: Confirmed Bug description: For the new Ajax progress bar, Bug 1352028, we changed htdocs/auth/session.php so that it closes the PHP session when not in use. This was necessary in order to allow multiple requests to the same session to process simultaneously; PHP by default locks the session between the time you call session_start() and session_write_close(). The downside to this approach, though, is that every time you call session_start(), PHP adds a new (duplicate) PHP_SESS_ID cookie to the request header. Since we open and close the session every time we call $SESSION->set() now, this can lead to a very large cookie header. On our hosting environment, these headers got too large and started causing our Nginx proxy server to throw errors while trying to initiate an MNet connection. This causes the proxy server to throw a 500 error, and to log an error like this: 2015/04/20 14:59:03 [error] 14845#0: *137093286 upstream sent too big header while reading response header from upstream, client: 2404:130:0:1000:61f4:7e47:8a26:821, server: master- mahara.catalystdemo.net.nz, request: "GET /auth/xmlrpc/land.php?token=3acfeeb7cad9814471ec5932fc293b30bbc7e387&idp=http ://mnet-moodle.testing.elearning.catalyst.net.nz&wantsurl= HTTP/1.1", upstream: "http://202.78.243.12:9226/auth/xmlrpc/land.php?token=3acfeeb7cad9814471ec5932fc293b30bbc7e387&idp=http ://mnet-moodle.testing.elearning.catalyst.net.nz&wantsurl=", host: "master-mahara.catalystdemo.net.nz" To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1446036/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
