memory leak maybe? Has anyone noticed this?

  • Plugin & Theme Dev

    Pre-Attempted solution

    Not sure what exactly is going on .. but the site is fine .. until an hour or two (after a fresh restart) . then it becomes so slow, and im talking 20s-30s per request, until I forever restart {nodebb-proccess} then it immediately becomes fast again. I am not restarting nginx nor redis just the nodebb process.

    No obvious errors in the logs, except for some of these here

    Temp Solution

    crontab -e

    0 */1 * * * forever restartall

    Attempted Permanent Solution

    so what I did so far was upgrading express version in package.json per @julian's suggestion

      "dependencies": {
        "express": "~3.4.7",

    Post-Attempted Permanent solution

    No crashes yet. And I shut off the crontab for now maybe I can either reproduce the issue, or figure out if it's fixed
    I will feedback with results soon.

    BUT I'm still seeing some of these Forbidden errors in the logs

    Error: Forbidden
        at Object.exports.error (/var/www/
        at createToken (/var/www/
        at Object.handle (/var/www/
        at next (/var/www/
        at next (/var/www/
        at /var/www/
        at /var/www/
        at try_callback (/var/www/
        at RedisClient.return_reply (/var/www/
        at HiredisReplyParser.<anonymous> (/var/www/

    What's next

    if the issue reoccurs, i will try to monitor the heap, or use some tool to detect memory leaks.. but I am not even sure that's why the forum gets so slow after a while.

    Worth Noting

    # some things are getting deprecated in Express and Connect
    connect.multipart() will be removed in connect 3.0
    visit for alternatives
    connect.limit() will be removed in connect 3.0
    # and now my logs are spammed with hundreds of these.
    # so NodeBB will need a quick patch if the Express module gets upgraded
    req.session._csrf is deprecated, use req.csrfToken() instead
    req.session._csrf is deprecated, use req.csrfToken() instead
    req.session._csrf is deprecated, use req.csrfToken() instead
  • NodeBB Admin

    I upgraded my dev to express 3.4.7 and changed

    res.locals.csrf_token = req.session._csrf;


    res.locals.csrf_token = req.csrfToken()

    But still getting the warnings about req.session._csrf.

    Only removing app.use(express.csrf()); gets rid of them. Weird.

    timmywil created this issue in visionmedia/express

    closed Undocumented: `req.csrfToken()` #1741

  • GNU/Linux Admin

    This whole CSRF business is getting silly. The thing I hate is that the connect and express docs are horribly out of date (not to mention sparse to begin with).

    In fact, they changed the CSRF token stuff, but they hadn't updated the docs, and now they're changing the CSRF stuff again, but the docs are still old. 😞

    This is sort of a showstopper we'll have to resolve before 0.3.0 lands

Suggested Topics

| | |

© 2014 – 2022 NodeBB, Inc. — Made in Canada.