Description
| Status | Subtype | Assigned | Task |
|---|---|---|---|
| Restricted Task | | | |
| Open | None | | T392170 sessionstorage namespacing |
| Open | None | | T408935 Provision anonymous session storage |
Event Timeline
The sessionstore is used for MediaWiki core sessions and CentralAuth sessions (which are never anonymous). Those can be differentiated by key group on the BagOStuff Prometheus dashboard:
| | core | CentralAuth |
|---|---|---|
| GET/s (hits) | 1.5K | 200 |
| GET/s (misses) | 40 | 60 |
| GET MB/s | 2.5 | 0.06 |
| POST/s | 500 | 50 |
| POST MB/s | 1 | 0.01 |
| DELETE/s | 25 | - |
(This is based on last week's data.)
For core sessions, the SessionStore Prometheus metrics differentiate between anonymous and authenticated operations:
| | anonymous | authenticated |
|---|---|---|
| GET/s | 150 | 1.35K |
| POST/s | 300 | 200 |
| DELETE/s | 20 | 8 |
Sanity checks:
- The session writes Logstash dashboard has 370M writes for the last week (it's sampled 1:1000 so you have to add three magnitudes to all its numbers), out of which 235M are anonymous. Matches the 60% ratio from Prometheus; 500/s * 3600 * 24 * 7 = 300M / week, so it pencils out (there's a ~20% discrepancy but I'm just eyeballing the charts so that much is normal).
- The sessionstore service Prometheus metrics (which do not differentiate between core and CentralAuth sessions) have ~1.75K GET/s, 600 POST/s and 25 DELETE/s, which, again, is close enough for eyeballing.
Bot traffic, which is the unpredictable part of our session load, is anonymous. SessionStore metrics don't go back for very long, but we can check the session writes dashboard for the last 3 months (the retention limit for Logstash) for anon writes: the largest daily sum in that range is about 4x the recent ones. The BagOStuff dashboard shows 1.5K POST/s and 200 DELETE/s as the peak value for the last year, so a 3x and 8x increase respectively. (The POST increases look like bot spikes. The DELETE increase was one time and I think it might have been the mass credentials stuffing attack, since DELETE would only happen during a successful login?) The Graphite data for BagOStuff, available between 2021-02 and 2025-04, also shows a max 4x difference between normal and peak POST load, with little variation in GETs (granted Graphite was disabled just around the time when session loads started to go up). Given that half of writes are anonymous, and the authenticated writes probably don't fluctuate much, that means a 5-7x increase of anon writes.
GETs are pretty stable over time. You can see the credentials stuffing attack (I think?) and the time during which NetworkSession was enabled, but those are <2x increases, and other than those, the variation is <30%. We have no way to estimate historical anonymous reads (we didn't differentiate between anon and authenticated reads until maybe a month ago, and anon reads are such a small part of total reads that the number of total reads being stable doesn't really mean much) but it's reasonable to assume that they scale linearly with writes.
So, if you include the CentralAuth writes, roughly 10% of all reads and 50% of all writes are anonymous, and the separate service for anonymous core sessions will get reads and writes in the range of hundreds per second, and deletes in the range of tens per second, with maybe a 10x temporary increase expected during bot spikes.
(Attached charts: core session reads (last year); core session writes (last year); core session reads (old Graphite data); core session writes (old Graphite data); anonymous session operations (last week); authenticated session operations (last week).)