Task #94243
closed
Introduce session cookie signature
100%
Description
Several performance analysis showed that AbstractUserAuthentication takes a reasonable amount of processing time (~ 5-10% of total), even if a session ID are not given or invalid. In order to reduce database invocations for invalid sessions, a corresponding HMAC signature is added to HTTP cookie values.
Additional aspects¶
- requires change in testing-framework (probably use
UserSession->getCookieValue()), see https://github.com/TYPO3/testing-framework/blob/d74a027a186d62e6218b8e29328449d9b97e259f/Classes/Core/Functional/FunctionalTestCase.php#L425
Next steps (out of scope for this issue)¶
- try avoid loading AbstractUserAuthentication in general
- probably check cookie signature in middleware already
- separate authentication into session-cookie vs. login-process
Updated by Gerrit Code Review over 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review almost 3 years ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review over 2 years ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review over 2 years ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review over 2 years ago
Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review over 2 years ago
Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review over 2 years ago
Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Oliver Hader over 2 years ago
Some numbers on on patch-set 7, using the official TYPO3 Introduction Package.
ab -n 2000 -c 50 -C 'fe_typo_user=null' https://ipXX.anyhost.it/
TYPO3 v12, PHP 8.1¶
before¶
Total transferred: 54930000 bytes
HTML transferred: 54136000 bytes
Requests per second: 290.29 [#/sec] (mean)
Time per request: 172.243 [ms] (mean)
Time per request: 3.445 [ms] (mean, across all concurrent requests)
Transfer rate: 7785.91 [Kbytes/sec] received
after¶
Total transferred: 54903283 bytes
HTML transferred: 54109460 bytes
Requests per second: 307.99 [#/sec] (mean)
Time per request: 162.342 [ms] (mean)
Time per request: 3.247 [ms] (mean, across all concurrent requests)
Transfer rate: 8256.73 [Kbytes/sec] received
→ approx 95% (5% less) processing time¶
TYPO3 v11, PHP 7.4¶
before¶
Total transferred: 46152000 bytes
HTML transferred: 45402000 bytes
Requests per second: 257.86 [#/sec] (mean)
Time per request: 193.903 [ms] (mean)
Time per request: 3.878 [ms] (mean, across all concurrent requests)
Transfer rate: 5810.94 [Kbytes/sec] received
after¶
Total transferred: 46152000 bytes
HTML transferred: 45402000 bytes
Requests per second: 291.90 [#/sec] (mean)
Time per request: 171.290 [ms] (mean)
Time per request: 3.426 [ms] (mean, across all concurrent requests)
Transfer rate: 6578.05 [Kbytes/sec] received
→ approx 88% (12% less) processing time¶
Updated by Gerrit Code Review over 2 years ago
Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review over 2 years ago
Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Gerrit Code Review about 2 years ago
Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337
Updated by Oliver Hader about 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 122eab1d928ede0b16099138abf740ebee78374e.
Updated by