Skip to Content.
Sympa Menu

shibboleth-dev - Re: Shibboleth SP Session Cache

Subject: Shibboleth Developers

List archive

Re: Shibboleth SP Session Cache


Chronological Thread 
  • From: André Cruz <>
  • To:
  • Subject: Re: Shibboleth SP Session Cache
  • Date: Thu, 3 May 2007 10:06:28 +0100


On May 2, 2007, at 8:26 PM, Scott Cantor wrote:

I was wondering if anyone has thought of implementing a plugin that
would store the SP session cache on a cluster of memcache (http://
www.danga.com/memcached/) servers?

I looked at it briefly and didn't really understand it very well, but
I was evaluating it from the perspective of using it as a default, which
also makes the additional dependency a problem. As an add-on, that's a
different story.

It also wasn't clear how well it handled writes, and my cache has to be
updateable, at least in the future.


The way the datastore works is like a dictionary. You get values by supplying a key and set values with a key. Of course, you can set the same key to a new value, which alters it. Also there are commands to increment/decrement a value in the hash but I don't think they are useful here. A hash function takes care of selecting the server to use given a key (all the clients need to have the same server list configured).

Keys
----

Data stored by memcached is identified with the help of a key. A key
is a text string which should uniquely identify the data for clients
that are interested in storing and retrieving it. Currently the
length limit of a key is set at 250 characters (of course, normally
clients wouldn't need to use such long keys); the key must not include
control characters or whitespace.


I guess some users would be instantly logged out if a server went
down but that doesn't seem too bad. Memcache is normaly used in front
of a DB but in this case it can be used independently.

It would have to be or there'd be no advantage. For timeouts to work, every
request has to update a last access timestamp, so you have to hit the actual
backing store.

Looking at it again briefly, the immediate problem I see is that my API is
implemented in terms of the exact record expiration time, not "seconds until
removal". There are specific reasons for that in order to handle inactivity
timeout without actually updating the XML data record on every request. I
need to know when the last access was, and I use the expiration to simulate
that.


Expiration times
----------------

Some commands involve a client sending some kind of expiration time
(relative to an item or to an operation requested by the client) to
the server. In all such cases, the actual value sent may either be
Unix time (number of seconds since January 1, 1970, as a 32-bit
value), or a number of seconds starting from current time. In the
latter case, this number of seconds may not exceed 60*60*24*30 (number
of seconds in 30 days); if the number sent by a client is larger than
that, the server will consider it to be real Unix time value rather
than an offset from current time.


I think it could be worked around, but probably by using multiple internal
records to store the last access value separately. The storage API doesn't
know or care how the data is managed, it just has to rely on the semantics
being correct, including record versioning to detect when data is out of
sync.

I have no time to do this, and I can't really tell you that the API will
allow for it unless somebody tries it, so it's pretty much down to that. I'm
happy to make adjustments within reason if they will be needed.

Given this new info, can you already tell if it can be done? I too don't have much time but I would like to do this, if it is viable. Also, if there some example plugin already coded somewhere?

Thanks,
André


Archive powered by MHonArc 2.6.16.

Top of Page