Seems Auth part takes a lot of time - testing with simple /REST/2.0/ticket/xxxx request:
0,8s with token auth
0,5s with basic auth
0,1s with cookie auth
cookie auth speed is usable, but I want to avoid handling possible cookie/session expiration…
0.8s seems really slow. It might be a good idea to put some additional logging in to see where the time is being spent. I had wondering if it was an artificial sleep to stop timing attacks, but when I checked the code nothing jumped out at me.
is there any built-in logging config?
Setting ‘debug’ for LogToFile,StatementLog,LogStackTraces doesn’t have any effect on API requests…
I did some tests and found out 90% of time is spent in RT::Authen::Token->UserForAuthString()
in this loop:
while (my $token = $tokens->Next) {
if ($token->IsToken($cleartext_token)) {
$token->UpdateLastUsed;
return ($user_obj, $token);
}
}
in the if ($token->IsToken($cleartext_token)) part
1 Like