Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CachedJwtTokenManager 会导致同一用户的token同时到期,导致auth接口出现密集调用和timeout #12823

Closed
Melod-YI opened this issue Nov 5, 2024 · 3 comments
Labels
area/Client Related to Nacos Client SDK kind/enhancement Category issues or prs related to enhancement.

Comments

@Melod-YI
Copy link

Melod-YI commented Nov 5, 2024

image

image
这里对同一个username会返回同一个token,完全相同的expiredTime。

image
而nacos client sdk里,对超时需要重新申请token的时间处理上没有任何随机值。
会出现类似于缓存雪崩的情况,导致很集中的auth请求在同一时间触发。

对业务倒是没见到具体的影响,但是感觉这样不太好。

可以考虑:

  1. 客户端login加入随机的delay,避免同一时间发起login
  2. 服务端仅对token的校验进行缓存,对token的生成不进行缓存
  3. 其他更好地方式(欢迎讨论)
@KomachiSion KomachiSion added area/Client Related to Nacos Client SDK kind/enhancement Category issues or prs related to enhancement. labels Nov 7, 2024
@lucky8987
Copy link
Contributor

@KomachiSion 可以随机调整tokenRefreshWindow 时间窗口来实现,确定的话我可以提交PR修复作为优化?

@KomachiSion
Copy link
Collaborator

@KomachiSion 可以随机调整tokenRefreshWindow 时间窗口来实现,确定的话我可以提交PR修复作为优化?

可以在客户端测支持

@MajorHe1
Copy link
Collaborator

服务端仅对token的校验进行缓存,对token的生成不进行缓存

@Melod-YI 如果不缓存token的生成,那么token的数量就不可控了,会造成内存压力以及匹配计算压力。

在客户端随机调整tokenRefreshWindow 时间窗口可以减缓这个问题,但是注意tokenRefreshWindow 的值不能给的太小,防止出现token过期的问题

lucky8987 added a commit to lucky8987/nacos that referenced this issue Jan 16, 2025
…arge number of logins causing pressure on the Nacos server.
KomachiSion pushed a commit that referenced this issue Jan 21, 2025
…mber of logins causing pressure on the Nacos server. (#13046)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/Client Related to Nacos Client SDK kind/enhancement Category issues or prs related to enhancement.
Projects
None yet
Development

No branches or pull requests

4 participants