
resetGlobalUserTokens is too slow
Open, Needs Triage, Public


Currently it takes about a week to drop all sessions (i.e. log everyone out) on all Wikimedia wikis. If there is a real danger of account theft, that's not a huge help; the script needs to be significantly faster.

See also: T49490: resetUserTokens.php not usable on large wikis


Related Gerrit Patches:
mediawiki/extensions/CentralAuth (master): Speed up ResetGlobalUserTokens
mediawiki/extensions/CentralAuth (master): Use $wgAuthenticationTokenVersion

Event Timeline

Tgr created this task. Jan 27 2016, 5:29 AM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a subscriber: Tgr.
Tgr added a comment. Jan 29 2016, 10:07 PM

The reason for the slowness is that a separate database update is done for every user. Changing it to a multi-row operation is not trivial as it would have to set the token field of each row to a different, cryptographically secure value in a replication-safe way (so using built-in random functions is not an option).

For MySQL that could probably be achieved with something like

-- Each row's token is the hash of a secret salt plus the previous row's token,
-- so every row gets a distinct value from a single statement.
SET @token := '';
UPDATE globaluser
SET gu_auth_token = ( @token := sha1( concat( <salt>, @token ) ) )
WHERE gu_id IN (...);

But it would be nicer to have an explicit "invalid" value for tokens, just like it's done for passwords, and just set all fields to that and let it auto-update the next time a token is needed.

Tgr added a comment. (Edited) Jan 29 2016, 10:08 PM


I was also thinking about having some constant $wgSessionVersion = 1, and we just bump that every time we need to invalidate all sessions.
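The two approaches discussed in the comments above, as an added Python example that is not MediaWiki or CentralAuth code: a version-keyed effective token (the idea behind $wgAuthenticationTokenVersion, so bumping one constant invalidates every session with no database writes) and a replication-safe multi-row reset that generates each row's fresh token in the application rather than with a database random function. The HMAC construction, the in-memory sqlite stand-in for the globaluser table and the sample rows are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
import sqlite3
from typing import Optional

TOKEN_LENGTH = 32  # hex characters of the effective token (128 bits)


def derive_auth_token(stored_token: str, version: Optional[int]) -> str:
    """Effective token compared against the session cookie.

    Without a version the stored token is used as-is.  With a version, the
    effective token is an HMAC keyed by the stored token over the version, so
    bumping the global version changes every user's token at once, zero DB writes.
    (Assumed construction, not MediaWiki's own.)
    """
    if version is None:
        return stored_token
    mac = hmac.new(stored_token.encode(), str(version).encode(), hashlib.sha256)
    return mac.hexdigest()[:TOKEN_LENGTH]


def session_is_valid(cookie_token: str, stored_token: str, version: Optional[int]) -> bool:
    # Constant-time comparison so the check does not leak the token by timing.
    return hmac.compare_digest(cookie_token, derive_auth_token(stored_token, version))


def make_demo_db(n_users: int = 5) -> sqlite3.Connection:
    """Constructed in-memory stand-in for the CentralAuth globaluser table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE globaluser (gu_id INTEGER PRIMARY KEY, gu_auth_token TEXT)")
    conn.executemany("INSERT INTO globaluser VALUES (?, ?)",
                     [(i, secrets.token_hex(16)) for i in range(1, n_users + 1)])
    return conn


def reset_tokens_batched(conn: sqlite3.Connection, batch_size: int = 100) -> int:
    """Per-user reset as one multi-row UPDATE per batch instead of one per user.

    Fresh values come from the application's CSPRNG, not the database's random
    function, so the statement carries literal values and replicates safely.
    """
    ids = [row[0] for row in conn.execute("SELECT gu_id FROM globaluser ORDER BY gu_id")]
    for start in range(0, len(ids), batch_size):
        batch = ids[start:start + batch_size]
        case_sql = " ".join("WHEN ? THEN ?" for _ in batch)
        in_sql = ",".join("?" for _ in batch)
        params = [p for gu_id in batch for p in (gu_id, secrets.token_hex(16))] + batch
        with conn:  # one transaction per batch keeps replication lag bounded
            conn.execute(f"UPDATE globaluser SET gu_auth_token = CASE gu_id {case_sql} END "
                         f"WHERE gu_id IN ({in_sql})", params)
    return len(ids)


def all_tokens(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT gu_id, gu_auth_token FROM globaluser"))
```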

Change 267735 had a related patch set uploaded (by Anomie):
Use $wgAuthenticationTokenVersion

Change 267735 merged by jenkins-bot:
Use $wgAuthenticationTokenVersion

Change 268850 had a related patch set uploaded (by Gergő Tisza):
Speed up ResetGlobalUserTokens

Tgr updated the task description. (Show Details) Feb 10 2016, 3:08 AM
Tgr set Security to None.