Periodical queries for nodebb sessions
-
@baris Yep we have some custom plugins. Traffic is mostly from registered users (90%).
Now we have below 1 page view / sec.
Creating sessions isn't anything bad I believe. It's just what is reading all of them
I will try to get the stacktrace of connect-redis
-
Ok so most queries comes from line 90:
-
@baris It looks worse - We receive a request every 1 second. It looks like this particular user has a bot that tries to login every 1 sec.
After 1 hour he has 3600 active sessions that are tried to be cleared on login.
Maybe we could add a limit for maximum active sessions
-
@cryptoethic I have banned the particular user and no more sessions are created.
I suggest adding method
revokeSessionsAboveTreshold
that removes oldest sessions above treshold.User.auth.addSession = async function (uid, sessionId) { if (!(parseInt(uid, 10) > 0)) { return; } await cleanExpiredSessions(uid); await revokeSessionsAboveTreshold(meta.config.maxUserSessions); await db.sortedSetAdd('uid:' + uid + ':sessions', Date.now(), sessionId); };
I can add such a function and add PR to core. What do you think?
-
@cryptoethic please open an issue with the details on our github.