Page MenuHomePhabricator

Make sure CentralAuth login tokens work with two datacenters
Closed, ResolvedPublic

Description

There is a lot of mixed GET/POST back and forth among domains on login in a short time period. The sticky DC cookie will not work cross-domains easily. Options include:
a) Making login tokens and other sensitive cache/stash access use the BagOStuff READ_LATEST flag
b) Locking those tokens to use a unified BagOStuff config pointing to a single set of servers in one DC
c) Ugly VCL rules to treat CentralAuth login URLs like POST (not preferred)

Event Timeline

aaron created this task.Aug 6 2015, 10:01 PM
aaron updated the task description. (Show Details)
aaron raised the priority of this task from to Normal.
aaron claimed this task.
aaron added projects: Availability, Epic.
aaron added subscribers: mobrovac, Gilles, GWicke and 8 others.

Change 234839 had a related patch set uploaded (by Aaron Schulz):
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234839

Change 234922 had a related patch set uploaded (by Aaron Schulz):
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234922

Krinkle added a subscriber: Krinkle.Sep 4 2015, 3:25 AM

Change 234839 merged by jenkins-bot:
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234839

Change 234922 merged by jenkins-bot:
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234922

Change 236822 had a related patch set uploaded (by 20after4):
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236822

Change 236823 had a related patch set uploaded (by 20after4):
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236823

Change 236822 merged by jenkins-bot:
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236822

Change 236823 merged by jenkins-bot:
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236823

aaron closed this task as Resolved.Sep 10 2015, 5:43 PM