authormkanat%bugzilla.org <>2009-01-20 21:09:46 +0100
committermkanat%bugzilla.org <>2009-01-20 21:09:46 +0100
commit5c76819f088805d6a3b483b00c34850eb766025a (patch)
tree6fab6dd667ddd4c93ac3d0b225142b728701587b /Bugzilla/Auth
parent1be84df9f63b9d0c4cd94caff9970115b8263ee4 (diff)
Bug 134022: PERFORMANCE: deleting old login cookies locks login checks
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
Diffstat (limited to 'Bugzilla/Auth')
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm9
1 files changed, 9 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 9098f8989..420bad16b 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -60,6 +60,8 @@ sub persist_login {
# subsequent login
trick_taint($ip_addr);
+ $dbh->bz_start_transaction();
+
my $login_cookie =
Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie');
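Review bot: The added `$dbh->bz_start_transaction();` has no comment saying what the transaction is meant to protect, and the matching commit only appears in the next hunk. A reader of this hunk alone cannot tell that token generation, the INSERT and the cleanup DELETE are meant to succeed or fail together. I would add a line above it such as `# One transaction covers token generation, the cookie INSERT and the stale-cookie cleanup.` persist_login starts and ends outside the hunk, so whether a failure between start and commit is rolled back by the caller is not visible here.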
@@ -67,6 +69,13 @@ sub persist_login {
VALUES (?, ?, ?, NOW())",
undef, $login_cookie, $user->id, $ip_addr);
+ # Issuing a new cookie is a good time to clean up the old
+ # cookies.
+ $dbh->do("DELETE FROM logincookies WHERE lastused < LOCALTIMESTAMP(0) - "
+ . $dbh->sql_interval(MAX_LOGINCOOKIE_AGE, 'DAY'));
+
+ $dbh->bz_commit_transaction();
+
# Prevent JavaScript from accessing login cookies.
my %cookieargs = ('-httponly' => 1);
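Review bot: With the cleanup placed in persist_login, rows older than MAX_LOGINCOOKIE_AGE are only removed when someone logs in, so an expired cookie can stay in `logincookies` for as long as the installation sees no new login. If the cookie verification path (not visible in this diff) does not itself compare `lastused` against that age, such a cookie would still be accepted. That is worth confirming, and the comment could state it, e.g. `# Housekeeping only: cookie age must still be enforced when the cookie is verified.` The DELETE also runs in the same transaction as the INSERT, so a lock wait or failure during cleanup would presumably fail the login itself. Separately, the INSERT stamps rows with `NOW()` while the DELETE compares against `LOCALTIMESTAMP(0)`; using one time source for both would avoid any driver-specific difference.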