From 5c76819f088805d6a3b483b00c34850eb766025a Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Tue, 20 Jan 2009 20:09:46 +0000
Subject: Bug 134022: PERFORMANCE: deleting old login cookies locks login
 checks Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat

---
 Bugzilla/Auth/Persist/Cookie.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'Bugzilla/Auth')

diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 9098f8989..420bad16b 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -60,6 +60,8 @@ sub persist_login {
     # subsequent login
     trick_taint($ip_addr);
 
+    $dbh->bz_start_transaction();
+
     my $login_cookie = 
         Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie');
 
@@ -67,6 +69,13 @@ sub persist_login {
               VALUES (?, ?, ?, NOW())",
               undef, $login_cookie, $user->id, $ip_addr);
 
+    # Issuing a new cookie is a good time to clean up the old
+    # cookies.
+    $dbh->do("DELETE FROM logincookies WHERE lastused < LOCALTIMESTAMP(0) - "
+             . $dbh->sql_interval(MAX_LOGINCOOKIE_AGE, 'DAY'));
+
+    $dbh->bz_commit_transaction();
+
     # Prevent JavaScript from accessing login cookies.
     my %cookieargs = ('-httponly' => 1);
 
-- 
cgit v1.2.3-24-g4f1b