-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S2S: Reuse session instead of authenticating on every request #12228
Comments
Setting to 8.1 as this makes server to server sharing very slow, something to look at. |
So, as discussed on IRC with @LukasReschke we need to catch the cookie and resend it with auth, then just reuse it for further requests. But currently we use Sabre\Client which relies on Possibly solutions:
|
Let me dig into the code some time… Assigning to myself. |
I had a quick look and our current version of Sabre wouldn't fit. But the new Sabre version seems to come with an improved client: https://github.com/fruux/sabre-dav/blob/2.1/lib/DAV/Client.php It also means that it's really time to upgrade Sabre... #12876 |
🔔 the new Sabre has arrived which means it will be possible to work with the cookies now 😄 |
Moving to 8.2 |
@LukasReschke any update ? |
I guess the outcome of #5383 could also help here ? |
#5383 was moved to 9.1 and is likely to be helpful to solve this one here. Moving to 9.1 as well. @cmonteroluque |
Pluggable auth should be able to help with this. When connecting to a remote federated share, one would need to pass a token in the "Authorization" header. Note that for fed share there is already a token, the share one. Not sure how to integrate this better with 9.1's new token based auth. @ChristophWurst |
Reuse session or send an Authentication header as per #11815. But reusing the session should reduce the burden on the remote server. |
There are actually two levels of reusing the session:
|
Hmm strange thing, I just tested on master and looking at access_log I only saw a single 401 appearing instead of multiple ones. Maybe one of the Sabre upgrades brought cookie support. Need to double check this. |
From what I see and remember, Sabre client's HTTP layer has changed a bit. And from what I see here https://github.com/fruux/sabre-http/blob/4.2.1/lib/Client.php#L348 it might be using a single curl session, which is likely to keep cookies. I'll check on the remote server to see if we're indeed reusing a session. |
Okay, I did some debugging on the target server and noticed that the sabre client was already sending the Authorization header for any requests that follow the one with 401. So the 401 only happens once. Now let's see if we can also reuse the session to reduce the load even more. |
Now thinking of it the public webdav usually isn't supposed to have a session. So there is still a little bit to save here. |
Will be obsoleted by #29779 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Currently server-to-server sharing's authentication mechanism is implemented within
core/apps/files_sharing/lib/connector/publicauth.php
Line 39 in 9df50c7
This is a very huge performance drawback as the password is hashed using bcrypt which consumes a lot of CPU power. Instead we should generate a session which can be then reused by the remote ownCloud server instead of re-authenticating on every request.
@icewind1991 FYI
The text was updated successfully, but these errors were encountered: