#musicbrainz-devel

* Ian McEwen: Merge branch 'area-search-fixes'

* Ian McEwen: area search fixes: fix up tests

Zebbler Encanti Experience - Psychic Projections - Data Mind

uuuuuuuuuuuuugh

ocharles, do you have any idea of what causes the inability to stay logged in? :(

reosarevok: no

or I would have fixed it :)

Meh, it's *very* annoying :(

I know, it's a priority

Ok

but I'm unable to even reproduce it myself

I'm assuming you're using beta?

I wonder if beta hasn't been updated and is setting the wrong cookie

I'm logged out on beta, but I'm still logged in on the main servers

No

I'm using prod

Ok

On Chrome, in case it matters

I get logged out at least once a day (since every time I go check the subscription mail in the morning I'm logged out)

Are you opening multiple tabs straight away?

Yeah, of course :)

(and usually some of them find me logged out, some do not - not necessarily in order, either)

ok, try not doing that next time

It sounds race-conditiony

In fact, if all those tabs send the same cookie, then that's probably what logs you out

The first one would consume the remember me token, the next would try but fail because that token doesn't exist now, and would log you out

... er, ok

But that certainly would need fixing anyway

Ok

sure, I'm just trying to work out what the problem is

Ok, I'm pretty convinced that multiple tabs is the problem.

If you have no session in progress, the browser will send your 'remember_me' token. The server consumes this token exclusively (it atomically gets/deletes it) and then opens a session for you, logging you in.

If you make another request without a session but with a 'remember_me' token, you will have a new session opened for you, but the 'remember_me' token will fail to authenticate you

Now you've removed your logged in session, and you will be logged out

Because the session is global (over musicbrainz.org), you're logged out in all tabs

I'm not sure how to fix this though. I could put a 'grace window' on token consumption, but then I have to write a little daemon to periodically clean these up. Maybe Redis can be set to do that

I'll give that a try and we'll see if things get better

ocharles: redis can expire things for you

ocharles: why does the token need to be consumed?

warp: they are one use tokens

yes, why are they one use tokes? :)

you don't want someone grabbing all your cookies because then they can always login as you

even if you've used that token up

yes, I'll try with redis and EXPIRE

and whenever a token is consumed, it will be set to expire in 5 minutes

so in that case they're no longer one use tokens, but limited use tokes?

yea

ok, that sounds good.

(not having a session and then opening a bunch of musicbrainz tabs at once which should all log in with the remember me token is a valid thing to do :)

ocharles: if I do the above, will you still generate new remember me tokens for each of those tabs? or only once when the token is used while it is not yet expiring?

at the moment, I will give you new tokens for all the tabs

maybe we should always expire these tokens after $some_large_duration

ocharles: oh and.. can I stay logged in using a remember me tokens on different machines and different browsers?

to prevent redis forever growing

warp: yes, each browser will have its own session store, and thus its own remember_me token

(and when you log in each will have its own session)

ocharles: yes, redis stores everything in memory, so please do not store anything indefinitely :)

:)

(Though I'd suggest a year or so for the expire date of non-expiring remember me tokens)

Yea, I was thinking a year

lame, you can't expire members in a set

And Redis.pm doesn't know what setex is, apparently

Ok, in review reosarevok

Should be able to go to beta soon :)

joy, enabling the nixos firewall stops ipv6 working :(

ping6 google.com # for example, doesn't work

luks: ping

ijabz: pong

I tried submitting a few acoustd.mbids and acoustic didn't seem to update

tried again, still not tree this is with user key aOTPs1LD

I don't see anything wrong with the update process

nikki: is http://tickets.musicbrainz.org/browse/MBS-6454 a regression?

I'm guessing I broke it with the relationship example stuff

I'm pretty sure it is

ok, put in the latest fix version

luks (sorry on phone), so Ive checked it gets sent, and I get ok status back so why would it not show up on the view page

can you track it if I sends it again ?

ijabz: I can look up the old submissions as well

Do servers need kicking again?

Hmm, might have been just a moment

Or not, 502 entering votes...

did I crash the server, or is vvodafone gsm just misbehaving? cant tweak this anymore: http://musicbrainz.org/release/c1093b4a-f9bb-42...

nor can picard deal with it

What you mean you can't tweak it?

You had an open edit setting the "front" to back, I've approved it

it cant load album info, thats what It says when I click on load-in-tagger

Oh

Probably just that the servers are acting silly

do we still have an unhappy server?

Well, it's working *right now*, but not 2 min ago

looks like astro is on fire

and flipping the back/front pics was not instantly visible. the second attempt of loading front gave me a sort of backtrace

olaf_: most edits aren't instantly visible, they need to be voted on

ok, now I see front/back is visible

and correct even

now picard can load the info.

Yes, because I approved the change and fixed the rest

Hrm, astro seems to have put itself out

ping me if the site is unresponsive again

nikki: looking worse again atm?

no, it's just pretty much a constant trickle of them over the last few days

but normally they're very rare and tend to only happen when things have gone really bad :(

so I really don't know what's supposed to be wrong

presumably the response takes 30 seconds as well?

most of them are just emailed me to me, but the one I got earlier was instant

it should never be instant, that means the timeout would be kicking in really quick

Do you have the queries that this happens for? Are they the same query?

If you see a cancellation that didn't take 30 seconds, see if the host is in the error

the host isn't in the emails I get, the one I reported was from beta so pino

hrm

beta had an instant timeout, you mean?

yes

at least, it seemed instant to me

I almost reported it as a beta ticket until I refreshed and it went away and I read the ISE and noticed it was the same as the emails :/

looking at the queries, there are a lot of release ones but maybe we just get a lot of people loading releases

and one of them is /ws/2/artist with only *-rels inc flags, one is a recording search, one is an artist search, one is displaying a recording...