Increase redis session max_concurrency limit from 6 to 32

[marvinhinz]

Description (*)

The default redis session concurrency limit is fairly low. This sometimes triggers error pages for customers who might have opened multiple links in new tabs.

I see no real drawback increasing this default value from 6 to 32.
For us this solved the problem completely in production systems.

Additional investigation is described in #17310 (comment) and #17310 (comment)

Fixed Issues (if relevant)

1. Fixes session_start(): Failed to read session data: user (path: /var/lib/php/sessions) #17310 that was wrongly closed by a now deleted user.

Manual testing scenarios (*) copied from @chris-pook

1. Using Google Chrome, login to the admin area
2. Open 10 or more browser tabs with the orders grid page
3. Click the left most tab
4. Hold shift and click the right most tab (this selects all tabs)
5. Right click the right most tab and select "reload"
6. Check the tabs after they have all reloaded, only ~6 will successfully load, the rest will exhibit this error *
7. Check the var/report folder for the start_session error report relating to the tabs that failed.
8. Now modify the max_concurrency to a value greater than the number of tabs, reload them all again and none will fail.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)

[m2-assistant]

Hi @marvinhinz. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE,
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests

You can find more information about the builds here

ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review.

For more details, please, review the Magento Contributor Guide documentation.

⚠️ According to the Magento Contribution requirements, all Pull Requests must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[marvinhinz]

@magento run all tests

[ihor-sviziev]

@marvinhinz this case looks really strange and not sure if we really need to fix it.
Could you describe what the real issue you have on production? I don't think anyone from customers will reload 10 tabs at once. Is there any use case when it's needed?
Also not clear - do we have such issue in case if we use for instance session in files instead of redis? What behavior we have in this case?

[marvinhinz]

@marvinhinz this case looks really strange and not sure if we really need to fix it.
Could you describe what the real issue you have on production? I don't think anyone from customers will reload 10 tabs at once. Is there any use case when it's needed?

Thats actually a real issue. When testing our production systems its not uncommon to open many links with the ctrl key pressed, or using the mouswheelbutton. Also personally some customers tend to do this for e.g. comparing products/prices etc.

Also not clear - do we have such issue in case if we use for instance session in files instead of redis? What behavior we have in this case?

No, afaik this happens only with redis session enabled.

[ihor-sviziev]

@marvinhinz thank you for the info! will be really useful!

[ihor-sviziev]

✔ Approved.

Failing tests looks not related to changes form this PR.

[magento-engcom-team]

Hi @ihor-sviziev, thank you for the review.
ENGCOM-7852 has been created to process this Pull Request

[fritzmg]

In our instances even 32 was not enough. Why not set it even higher by default? Is there a drawback?

[fritzmg]

I don't think anyone from customers will reload 10 tabs at once. Is there any use case when it's needed?

The problems arise because Magento will cause several AJAX requests to be executed after the initial request. E.g. for loading customer sections, or JavaScript modules or any other content, that is loaded asynchronously. And depending on the theme and extensions you have installed, this number may increase drastically.

[marvinhinz]

In our instances even 32 was not enough. Why not set it even higher by default? Is there a drawback?

What value was sufficient for your projects? I dont think there would be drawbacks increasing it to for example 128?

@ihor-sviziev what do you think?

[ihor-sviziev]

I think it was set to such small value by default in order to prevent single customer to send too much requests and causing big load on production instance

…

On Fri, 17 Jul 2020 at 10:53, Fritz Michael Gschwantner < ***@***.***> wrote: In our instances even 32 was not enough. Why not set it even higher by default? Is there a drawback? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#29140 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAOJOUNUK7WNWEQOSCBWUETR377N5ANCNFSM4O2IFKFQ> .

[fritzmg]

@marvinhinz we used 64 in the end.

@ihor-sviziev but does that make much sense? The requests are not prevented by this. And even if you want to reduce the load on the Redis server this way, then the fallback needs to work, which it currently does not (see #17310). And even if the fallback would work, it would simply increase the I/O load on the server - which is something that using the Redis Session Cache is supposed to avoid.

[engcom-Alfa]

✔️ QA Passed

Preconditions:

Redis server;
Use Redis for session storage devdocs

'session' =>
    array (
      'save' => 'redis',
      'redis' =>
      array (
        'host' => '127.0.0.1',
        'port' => '6379',
        'password' => '',
        'timeout' => '2.5',
        'persistent_identifier' => '',
        'database' => '2',
        'compression_threshold' => '2048',
        'compression_library' => 'gzip',
        'log_level' => '4',
        'max_concurrency' => '6',
        'break_after_frontend' => '5',
        'break_after_adminhtml' => '30',
        'first_lifetime' => '600',
        'bot_first_lifetime' => '60',
        'bot_lifetime' => '7200',
        'disable_locking' => '0',
        'min_lifetime' => '60',
        'max_lifetime' => '2592000'
      )
    ),

Manual testing scenario:

1. Using Google Chrome, login to the admin area;
2. Open 16 tabs with the orders page for example
3. Click the left most tab;
4. Right click the right most tab and select "reload"
5. Check the tabs after they have all reloaded;

Before: ✖️ Only ~6 will successfully load and others will have errors

Check the var/report folder for the start_session error report relating to the tabs that failed.

After: ✔️ Browsing pages in the admin area didn't throw an error

[marvinhinz]

Will this be included in the 2.4 release? :)

[fritzmg]

Will this be included in the 2.4 release? :)

This is something you can already do yourself. It does not fix the original issue.

[marvinhinz]

Will this be included in the 2.4 release? :)

This is something you can already do yourself. It does not fix the original issue.

I know, but it would be nice if newly installed shops dont run into this issue in the first place.

[ihor-sviziev]

I just found that this PR was discussed on the public triage meeting in https://www.youtube.com/watch?v=knegmLW94z4&t=1575s
but it still requires review from dev. side.

@sdzhepa @VladimirZaets just adding my thoughts about this PR and issue itself.

The issue appears not only with requests to the pages itself, but also to AJAX requests on the pages you're just opened opened, so sometimes you don't really need to open 6 pages, but just 2-3.

Real use case when this issue reproducing:
For marketing manager this is quite typical situation when you need to review multiple orders, you're opening few orders in a row, and it fails. You have to refresh the pages that failed.

Another use case - on frontend some customers opening few products in a new tab (usually from desktop) people doing that.

About limiting session concurrency - sessions is not the thing for decreasing load on the servers, we should have this limitation on the nginx/phpfpm or even on the WAF level.

About this change - it will change only default settings in env.php during magento installation, people still could increase / decrease this value in env.php file:

[ihor-sviziev]

@marvinhinz just an idea - what if we'll implement postponed sending of AJAX calls while tab is not active? As result - we'll send less requests in such cases to the backend and this issue probably will be also much less reproducible. We can use for that https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API

[Nazar65]

@ihor-sviziev just in case -> https://xumulus.com/magento-2-and-ajax-with-optimistic-session-locking/

I am wondering if it would make sense to implement an option (set through a special parameter using define() maybe?) that would change the session to read-only mode (this would mean disable locking on read and do nothing on write).

[Nazar65]

@ihor-sviziev this pr will not resolve the issue, with 32 number
also may be related -> #14973

[ihor-sviziev]

Hi @marvinhinz,
As we discussed with @Nazar65 - this PR actually masks the issue, instead of fixing it.

Proper solution will be introducing optimistic session locking mechanism, as described here #29140 (comment). That's definitely will be much bigger effort than this PR.

Will you be able to update your PR by introducing optimistic session locking mechanism?

[ihor-sviziev]

@marvinhinz I am closing this PR now due to inactivity.
Please reopen and update if you wish to continue.
Thank you for the collaboration!

Note: @Nazar65 you can take this issue

[m2-assistant]

Hi @marvinhinz, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.