[SM-USERS] What is "security_tokens" in the userprefs?

2011-03-24 Thread C. Bensend

Hey folks,

   I'm running the latest release (1.4.21) on OpenBSD, and I'm
trying to track down why every so often (sometimes five times
a day, sometimes once a week) my webmail UI will freeze up trying
to refresh (or go to a different message/folder/etc) until the
browser times out.

   A restart of Apache seems to "solve" the problem.  However, during
this time, websites are still responding just fine, and I can still
retrieve my email via another IMAP client, so it doesn't seem to be
an issue with either Apache or Dovecot IMAP.

   I did some poking around in my preferences (stored in a PostgreSQL
database), and I noticed that the security_tokens row for my user
is HUGE.  Like over half a megabyte huge, which seems a bit .. off.
It contains nothing but tokens like:

i:INTEGER;s:12:"TOKEN";

where INTEGER is a ten-digit number, and TOKEN is a 12-character
string.  This pattern repeats over and over and over again, taking
up dozens of screens of output when I'm looking at the query results
in psql.

   What exactly are these tokens?  Are these accumulated as long as
I leave a browser logged in, or ...?  I was wondering if the algorithm
SquirrelMail uses to run through all of those might be causing the
timeouts.

   I am running the following plugins if any of them raise an
eyebrow:

1. delete_move_next
2. compatibility
3. calendar_sql_backend
4. calendar
5. listcommands
6. newmail
7. bounce
8. add_address
9. squirrel_logger
10. view_as_html
11. message_details
12. sent_subfolders
13. quicksave
14. server_settings
15. server_settings_backend
16. show_headers
17. lockout

   I have not yet disabled the plugins and re-enabled them one
by one, as it sometimes takes minutes or days to replicate the
issue, and I can't leave the plugins disabled that long unless
it's really critical.

   I am also suspicious of the message highlighting preferences...
I have a lot of them (probably a hundred or more), and it literally
takes *minutes* to display the list of them in the web interface's
options.

   Thoughts?  Ideas?  Questions?  Help?

Thanks folks!

Benny


-- 
"Hairy ape nads."-- Colleen, playing Neverwinter Nights



--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar
-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


Re: [SM-USERS] What is "security_tokens" in the userprefs?

2011-03-24 Thread C. Bensend

> I did some poking around in my preferences (stored in a PostgreSQL
> database), and I noticed that the security_tokens row for my user
> is HUGE.  Like over half a megabyte huge, which seems a bit .. off.
> It contains nothing but tokens like:
>
> i:INTEGER;s:12:"TOKEN";
>
> where INTEGER is a ten-digit number, and TOKEN is a 12-character
> string.  This pattern repeats over and over and over again, taking
> up dozens of screens of output when I'm looking at the query results
> in psql.
>
> What exactly are these tokens?  Are these accumulated as long as
> I leave a browser logged in, or ...?  I was wondering if the algorithm
> SquirrelMail uses to run through all of those might be causing the
> timeouts.

Just a quick reply, I did some more searching and found Paul's
suggestion from a related question I've asked...  I added:

$max_token_age_days = 2;

to my config_local.php, and it didn't appear to clean any of the
tokens out.

Benny


-- 
"Hairy ape nads."-- Colleen, playing Neverwinter Nights





Re: [SM-USERS] What is "security_tokens" in the userprefs?

2011-03-24 Thread Paul Lesniewski
On Thu, Mar 24, 2011 at 12:46 PM, C. Bensend wrote:
>
>>    I did some poking around in my preferences (stored in a PostgreSQL
>> database), and I noticed that the security_tokens row for my user
>> is HUGE.  Like over half a megabyte huge, which seems a bit .. off.
>> It contains nothing but tokens like:
>>
>> i:INTEGER;s:12:"TOKEN";
>>
>> where INTEGER is a ten-digit number, and TOKEN is a 12-character
>> string.  This pattern repeats over and over and over again, taking
>> up dozens of screens of output when I'm looking at the query results
>> in psql.
>>
>>    What exactly are these tokens?  Are these accumulated as long as
>> I leave a browser logged in, or ...?  I was wondering if the algorithm
>> SquirrelMail uses to run through all of those might be causing the
>> timeouts.
>
> Just a quick reply, I did some more searching and found Paul's
> suggestion from a related question I've asked...  I added:
>
> $max_token_age_days = 2;
>
> to my config_local.php, and it didn't appear to clean any of the
> tokens out.

In your version (assuming install from tarball from our site), this is
the default anyway.  Try setting it to 1 instead.  That should cut
your tokens roughly in half - if not, there may be some other issue.

In general, you shouldn't get such a large collection of tokens unless
you use webmail VERY heavily.  It also won't hurt to log out, blank
out all your tokens in the database and log in again.  If setting that
value to 1 above doesn't help, try that and see if it solves your
refresh issue.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
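
Added example, not part of any message in this thread and not SquirrelMail code: a Python sketch for sizing up a `security_tokens` value exported from the userprefs table, showing how many entries fall inside a given `$max_token_age_days` window. It assumes the ten-digit integers are Unix timestamps of token creation; the sample blob, `NOW` and the function names are constructed for illustration.

```python
import re

# Shapes taken from the pattern quoted in the thread: i:INTEGER; and s:12:"TOKEN";
# Timestamps and tokens are counted separately, so no pairing order is assumed.
TS_RE = re.compile(r'i:(\d{10});')
TOKEN_RE = re.compile(r's:12:"[^"]{12}";')

NOW = 1300996800  # constructed "current time" for the sample below


def audit(blob, now, max_age_days):
    """Summarise a security_tokens value against an age limit in days."""
    stamps = [int(s) for s in TS_RE.findall(blob)]
    cutoff = now - max_age_days * 86400
    within = sum(1 for s in stamps if s >= cutoff)
    oldest = min(stamps, default=now)
    return {
        "bytes": len(blob.encode()),
        "tokens": len(TOKEN_RE.findall(blob)),
        "within_age": within,
        "expired": len(stamps) - within,
        "oldest_age_days": round((now - oldest) / 86400, 1),
    }


def make_sample(now, ages_hours):
    """Build a constructed blob with one token per age (in hours)."""
    return "".join(
        'i:%d;s:12:"T%011d";' % (now - h * 3600, i)
        for i, h in enumerate(ages_hours)
    )


if __name__ == "__main__":
    sample = make_sample(NOW, [1, 10, 30, 40, 60, 100])
    for days in (2, 1):
        print(days, audit(sample, NOW, days))
```

A large `expired` count on a value read back after a fresh login would mean entries older than the configured limit are still stored.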



Re: [SM-USERS] What is "security_tokens" in the userprefs?

2011-03-24 Thread C. Bensend

> In your version (assuming install from tarball from our site), this is
> the default anyway.  Try setting it to 1 instead.  That should cut
> your tokens roughly in half - if not, there may be some other issue.

Yes, absolutely, installed from source from the SquirrelMail website.
No vendor package.

I've made the change to 1, we'll see how it goes.  :)

> In general, you shouldn't get such a large collection of tokens unless
> you use webmail VERY heavily.  It also won't hurt to log out, blank
> out all your tokens in the database and log in again.  If setting that
> value to 1 above doesn't help, try that and see if it solves your
> refresh issue.

Well, I *do* use it quite heavily...  I typically log in from three
different hosts per day, all day, and don't always log out from
each client.  I've tried to be better about logging out from each
session, but it didn't seem to make a difference.

I know my usage pattern probably doesn't help this issue...  I
hope we can nail down the cause.  I've also logged out and DELETEd
the security_tokens row in the database, so maybe that'll help out
too...

Thanks much!

Benny


-- 
"Hairy ape nads."-- Colleen, playing Neverwinter Nights


