Page MenuHomePhabricator
Create Task
Maniphest T121329

SubmitAction creates sessions for logged out users on edit, preventing CDN cache hits
Closed, DeclinedPublic
Actions

Description

SubmitAction::show sets a cache-busting (via our VCL) cookie that prevents CDN cache hits for the session expiry (months). This does two good things:

a) If you get blocked after editing, you will see the talk page notification, due to CDN misses.
b) By accident, this also means that post-edit redirects and other quick modify+view cycles avoid seeing stale CDN data in the view step. Even though CDN purges are fast and PRESEND as deferred updates, there is no synchronization, so the purge may arrive after the user views they asset they just changed, resulting in stale content. To avoid regression, we could set an explicit cache busting cookie that only last for a few seconds. It would be set whenever a web request used CdnCacheUpdate. That would also make the consistency "feature" a clear and explicit feature rather that accidental.

To replace (a), some sort of AJAX system could be used via an RL module that checks for messages. To reduce AJAX traffic from one-off page views, we could keep the logic of long-lasting cookie (or localstore value) that is set when a user changes (e.g. edits) something and only have the JS do the AJAX request if it is set. The cookie would be named so as to NOT trigger the cache-miss logic in VCL, unlike now.

Related Objects
Search...

Event Timeline

aaron created this task.Dec 12 2015, 11:02 PM
aaron raised the priority of this task from to Needs Triage.
aaron updated the task description. (Show Details)
aaron added a project: Performance Issue.
aaron subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptDec 12 2015, 11:02 PM
hoo subscribed.Dec 12 2015, 11:05 PM

How would that work for non-JavaScript users? Would you set the "old" cookie or something like that for them (but not http only) and then unset it in JS?

aaron renamed this task from SubmitAction creates sessions for logged out users that edit, preventing CDN cache to SubmitAction creates sessions for logged out users on edit, preventing CDN cache hits.Dec 12 2015, 11:09 PM
aaron set Security to None.
aaron added a project: Performance-Team.
ori subscribed.Dec 12 2015, 11:38 PM

Not sure I agree that this is a bug. Anonymous editors are editors, and editors don't get CDN cache hits. Maybe giving the session cookie a one-week expiry would be enough.

Gilles moved this task from Inbox, needs triage to Backlog: Maintenance, non-prioritized on the Performance-Team board.Dec 14 2015, 7:38 PM
Krinkle subscribed.Nov 21 2016, 10:44 PM

This will naturally happen in an architecture where our skin layer is merely a front-end that composes page content, skin formatting and user-specific information. This is a long-term project tracked via T111588 and related RFCs. In that reality, user-specific information would be fetched in a ServiceWorker (kind of like AJAX, but better) and substituted into the Skin template client-side.

The ServiceWorker would refresh the user information at whatever interval we make it (e.g. every page view, and debounced however we like, maybe no no more than once per minute when loading multiple pages).

The ServiceWorker can also run on the server-side per the RFC above ("node-serviceworker"), which is what would be used for the first page view from a new browser, as well as for anyone with JavaScript disabled.

I propose to close this task since it's imho unlikely that this will happen in the short- to medium term as a separate change in MediaWiki core. Using client-side AJAX for this would be quite messy and most likely break all our existing JS interfaces. A ServiceWorker provides an elegant way for the client (or server-side service) do this at the network layer which that doesn't affect the browser window context (e.g. HTML/JS/CSS is parsed as if it was already there from the server).

Gilles closed this task as Declined.Dec 7 2016, 5:50 PM
Gilles subscribed.

This is abandoned in favor of T111588 which solves the same performance issue without affecting features.

Krinkle closed subtask T121440: Dedicated post-edit cache busting cookie to prevent stale reads (session consistency) as Resolved.Jun 15 2020, 9:27 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL