There is a lot of mixed GET/POST back and forth among domains on login in a short time period. The sticky DC cookie will not work cross-domains easily. Options include:
a) Making login tokens and other sensitive cache/stash access use the BagOStuff READ_LATEST flag
b) Locking those tokens to use a unified BagOStuff config pointing to a single set of servers in one DC
c) Ugly VCL rules to treat CentralAuth login URLs like POST (not preferred)
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | aaron | T88445 MediaWiki active/active datacenter investigation and work (tracking) | |||
Resolved | aaron | T108253 Make sure CentralAuth login tokens work with two datacenters | |||
Declined | aaron | T111575 Make $wgSessionCacheType and $wgMainStash caches multi-DC ready | |||
Resolved | • mobrovac | T134811 Consider REST with SSL (HyperSwitch/Cassandra) for session storage | |||
Resolved | Smalyshev | T137272 Create BagOStuff subclass for HTTP |
Event Timeline
Change 234839 had a related patch set uploaded (by Aaron Schulz):
Converted api-token store to CentralAuthUser::getSessionCache()
Change 234922 had a related patch set uploaded (by Aaron Schulz):
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()
Change 234839 merged by jenkins-bot:
Converted api-token store to CentralAuthUser::getSessionCache()
Change 234922 merged by jenkins-bot:
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()
Change 236822 had a related patch set uploaded (by 20after4):
Converted api-token store to CentralAuthUser::getSessionCache()
Change 236823 had a related patch set uploaded (by 20after4):
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()
Change 236822 merged by jenkins-bot:
Converted api-token store to CentralAuthUser::getSessionCache()
Change 236823 merged by jenkins-bot:
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()