[openstreetmap/openstreetmap-website] Unauthenticated session expiry (PR #5270)

[mmd]

Follow up for https://github.com/openstreetmap/operations/issues/1107

The goal of this PR is to set the `expiry_after` value for unauthenticated users to a fairly low value (read: a few hours). This way, memcached entries are no longer created with a TTL of 0 (unlimited).

Previously, logged one user sessions were evicted first, because their TTL is set to 30 days in session_persistence.rb / session_methods.rb. As a result, a number of users reported that they had to repeatedly sign in to osm.org, since their session was gone.

The chosen approach is based on what Gitlab is doing in https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/middleware/unauthenticated_session_expiry.rb, with the difference that I replaced redis by memcached, and warden by a simple logged on user check.

It still needs some tests. However, I'm not sure what the best way would be.

---

Prometheus stats: https://prometheus.openstreetmap.org/d/l4zgNUdMz/memcached?orgId=1&refresh=1m&var-instance=spike-06&var-instance=spike-07&var-instance=spike-08&from=now-30d&to=now
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5270

-- Commit Summary --

  * Unauthenticated session expiry

-- File Changes --

    M config/initializers/session_store.rb (43)
    M config/settings.yml (1)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5270.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5270.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5270
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/5270 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20241017/bb87f43a/attachment-0001.htm>