Page MenuHomePhabricator

Every UserLogin visit generates "Persisting session for unknown reason" entry in Logstash
Open, Needs TriagePublic


The log volume isn't too bad, but it doesn't seem particularly useful. And, perhaps more importantly, it seems worrying that possibly one of the most common ways to start a session (visiting the login page) is precieved by the code as an "unknown reason", which suggets there may be a bug in the code of unknown severity.

Source code:

Reproducible by visiting in private browsing, including with any other wiki hostname.

Event Timeline

"Unknown" just means the logging logic couldn't tell the reason. There are plenty of legitimate way for that to happen (e.g. Session::save() being called directly).

In any case, the logging code was added for T264370: User authentication security issue (Oct 1, 2020), which has probably been fixed. If you feel it's problematic, I think it's fine to remove.