? Success

User tests: Successful: Unsuccessful:

avatar Hackwar
Hackwar
11 Feb 2015

This adds caching to the authorise method of JUser. Instead of doing the whole check each time JUser::authorise() is called, the checks are done once per session and that is it. This is quite a performance improvement.

To prevent the session from being overrun by the access cache, the number of access results to cache is limited to 250 entries. That should be equivalent to around 10-14kb of data.

I did not make scientific tests with this, just some manual comparisons and I did get positive results in terms of performance gain.

There is a potential issue when an extension creates its own login/logout code that does not use JApplicationCMS::login/logout and which does not correctly reset the JUser object. In that case however, that extension has quite large security issues anyway.

Anyway, I made the caching variable private, so that we can remove it again in case it turns out to be a failure. There is no backwards compatibility issue there.

avatar Hackwar Hackwar - open - 11 Feb 2015
avatar joomla-cms-bot joomla-cms-bot - change - 11 Feb 2015
Labels Added: ?
avatar zero-24 zero-24 - change - 11 Feb 2015
Easy No Yes
avatar brianteeman brianteeman - change - 11 Feb 2015
Easy Yes No
avatar zero-24 zero-24 - change - 12 Feb 2015
Category Libraries
avatar roland-d
roland-d - comment - 19 May 2016

@Hackwar
What are the test instructions to make sure this is properly tested?

If I am not mistaken this requires a user to logout and login again to get the correct permissions once it has been changed. How does this relate to the PR #8805? Does this have any effect on this PR?

avatar conconnl
conconnl - comment - 25 Jun 2016

@Hackwar can we have test instructions and can you answer Roland his question.
We have a PBF now and want to be able to test this.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6053.

avatar mbabker
mbabker - comment - 25 Jun 2016

With the change in how the JUser object is serialized to the session, is this even still valid? At best it would cache the lookups for a single request cycle based on current staging.

avatar tomartailored
tomartailored - comment - 18 Jul 2016

can we have test instructions


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6053.

avatar creativeprogramming
creativeprogramming - comment - 22 Jul 2016

They are not interested in performance improvements, just 'code poetry'. ;)

quoting:

#8805
image

avatar mbabker
mbabker - comment - 22 Jul 2016

They are not interested in performance improvements, just 'code poetry'. ;)

Sorry we don't intend to rewrite Joomla as a non-PHP application to follow your scoping and performance preferences ?

avatar Hackwar
Hackwar - comment - 24 Jul 2016

This PR was meant for when the serialized user object was stored in the session. Since that has changed, I have no idea about the implications that this has on the usefullness of this PR. A cache for the access data still seems to be usefull, but as @mbabker wrote, in the current situation its value is greatly diminished.

avatar roland-d
roland-d - comment - 26 Jul 2016

@Hackwar Shall we go ahead and close this then? I mean, is it worth the time and effort to pursue this further if the value is greatly diminished?

avatar roland-d roland-d - change - 31 Jul 2016
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2016-07-31 20:45:05
Closed_By roland-d
avatar roland-d roland-d - close - 31 Jul 2016
avatar roland-d
roland-d - comment - 31 Jul 2016

@hackwar Closing this as the usability has been greatly diminished. If you wish to pursue this further feel free to re-open the pull request. Thank you for your contribution.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6053.

Add a Comment

Login with GitHub to post a comment