Page MenuHomePhabricator

resetGlobalUserTokens is too slow
Open, Needs TriagePublic


Currently it takes about a week to drop all sessions (ie. log everyone out) on all Wikimedia wikis. If there is a real danger of account theft, that's not a huge help; the scripts needs to be significantly faster.

See also: T49490: resetUserTokens.php not usable on large wikis

Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a subscriber: Tgr.

The reason for the slowness is that a separate database update is done for every user. Changing it to a multi-row operation is not trivial as it would have to set the token field of each row to a different, cryptographically secure value in a replication-safe way (so using built-in random functions is not an option).

For MySQL that could probably be achieved with something like

SET @token := '';
UPDATE globaluser
SET gu_auth_token = ( @token := sha1( concat( <salt>, @token ) ) )
WHERE gu_id IN (...);

But it would be nicer to have an explicit "invalid" value for tokens, just like it's done for passwords, and just set all fields to that and let the autoupdate the next time a token is needed.

(duplicate comment removed)

I was also thinking about having some constant $wgSessionVersion = 1, and we just bump that everytime we need to invalidate all sessions.

Change 267735 had a related patch set uploaded (by Anomie):
Use $wgAuthenticationTokenVersion

Change 267735 merged by jenkins-bot:
Use $wgAuthenticationTokenVersion

Change 268850 had a related patch set uploaded (by Gergő Tisza):
Speed up ResetGlobalUserTokens

Tgr set Security to None.