Task #94243: Introduce session cookie signature - TYPO3 Core - TYPO3 Forge

Custom queries

Accessibility
Easy tasks
Forge Triage
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
My open issues
No feedback within 90 days
Open Bugs
Open issues of 10
Recently modified
Regressions
Stabilization Issues
Usability or UX

Watchers (1)

Wittkiel Gruppe

Actions

Copy link

Task #94243

closed

Introduce session cookie signature

Added by Oliver Hader over 3 years ago. Updated about 2 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Performance

Target version:

Start date:

2021-05-31

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

Several performance analysis showed that AbstractUserAuthentication takes a reasonable amount of processing time (~ 5-10% of total), even if a session ID are not given or invalid. In order to reduce database invocations for invalid sessions, a corresponding HMAC signature is added to HTTP cookie values.

Additional aspects¶

requires change in testing-framework (probably use UserSession->getCookieValue()), see https://github.com/TYPO3/testing-framework/blob/d74a027a186d62e6218b8e29328449d9b97e259f/Classes/Core/Functional/FunctionalTestCase.php#L425

Next steps (out of scope for this issue)¶

try avoid loading AbstractUserAuthentication in general
- probably check cookie signature in middleware already
- separate authentication into session-cookie vs. login-process

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Gerrit Code Review over 3 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

Updated by Oliver Hader over 3 years ago

Description updated (diff)

Actions

Copy link

Updated by Oliver Hader over 3 years ago

Description updated (diff)

Actions

Copy link

Updated by Gerrit Code Review almost 3 years ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

Updated by Gerrit Code Review over 2 years ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

Updated by Gerrit Code Review over 2 years ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

Updated by Gerrit Code Review over 2 years ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

Updated by Gerrit Code Review over 2 years ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

Updated by Oliver Hader over 2 years ago

Description updated (diff)

Actions

Copy link

#10

Updated by Gerrit Code Review over 2 years ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#11

Updated by Oliver Hader over 2 years ago

Some numbers on on patch-set 7, using the official TYPO3 Introduction Package.

ab -n 2000 -c 50 -C 'fe_typo_user=null' https://ipXX.anyhost.it/

TYPO3 v12, PHP 8.1¶

before¶

Total transferred: 54930000 bytes
HTML transferred: 54136000 bytes
Requests per second: 290.29 [#/sec] (mean)
Time per request: 172.243 [ms] (mean)
Time per request: 3.445 [ms] (mean, across all concurrent requests)
Transfer rate: 7785.91 [Kbytes/sec] received

after¶

Total transferred: 54903283 bytes
HTML transferred: 54109460 bytes
Requests per second: 307.99 [#/sec] (mean)
Time per request: 162.342 [ms] (mean)
Time per request: 3.247 [ms] (mean, across all concurrent requests)
Transfer rate: 8256.73 [Kbytes/sec] received

→ approx 95% (5% less) processing time¶

TYPO3 v11, PHP 7.4¶

before¶

Total transferred: 46152000 bytes
HTML transferred: 45402000 bytes
Requests per second: 257.86 [#/sec] (mean)
Time per request: 193.903 [ms] (mean)
Time per request: 3.878 [ms] (mean, across all concurrent requests)
Transfer rate: 5810.94 [Kbytes/sec] received

after¶

Total transferred: 46152000 bytes
HTML transferred: 45402000 bytes
Requests per second: 291.90 [#/sec] (mean)
Time per request: 171.290 [ms] (mean)
Time per request: 3.426 [ms] (mean, across all concurrent requests)
Transfer rate: 6578.05 [Kbytes/sec] received

→ approx 88% (12% less) processing time¶

Actions

Copy link

#13

Updated by Gerrit Code Review over 2 years ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#14

Updated by Gerrit Code Review over 2 years ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#15

Updated by Gerrit Code Review about 2 years ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#16

Updated by Gerrit Code Review about 2 years ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#17

Updated by Gerrit Code Review about 2 years ago

Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#18

Updated by Gerrit Code Review about 2 years ago

Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#19

Updated by Gerrit Code Review about 2 years ago

Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#20

Updated by Gerrit Code Review about 2 years ago

Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#21

Updated by Gerrit Code Review about 2 years ago

Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337

Actions

Copy link

#22

Updated by Oliver Hader about 2 years ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset 122eab1d928ede0b16099138abf740ebee78374e.

Actions

Copy link

#23

Updated by Benni Mack about 2 years ago

Status changed from Resolved to Closed

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Watchers (1)

Task #94243

Introduce session cookie signature

Additional aspects¶

Next steps (out of scope for this issue)¶

Updated by Gerrit Code Review over 3 years ago

Updated by Oliver Hader over 3 years ago

Updated by Oliver Hader over 3 years ago

Updated by Gerrit Code Review almost 3 years ago

Updated by Gerrit Code Review over 2 years ago

Updated by Gerrit Code Review over 2 years ago

Updated by Gerrit Code Review over 2 years ago

Updated by Gerrit Code Review over 2 years ago

Updated by Oliver Hader over 2 years ago

Updated by Gerrit Code Review over 2 years ago

Updated by Oliver Hader over 2 years ago

TYPO3 v12, PHP 8.1¶

before¶

after¶

→ approx 95% (5% less) processing time¶

TYPO3 v11, PHP 7.4¶

before¶

after¶

→ approx 88% (12% less) processing time¶

Updated by Gerrit Code Review over 2 years ago

Updated by Gerrit Code Review over 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Gerrit Code Review about 2 years ago

Updated by Oliver Hader about 2 years ago

Updated by Benni Mack about 2 years ago