View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0019392 | mantisbt | webpage | public | 2015-02-23 09:08 | 2016-09-08 08:01 |
Reporter | Mr.Bricodage | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 1.2.19 | ||||
Summary | 0019392: MANTIS_BUG_LIST_COOKIE size limit | ||||
Description | Today, Mantis use the cookie named "MANTIS_BUG_LIST_COOKIE" to store on client side the last bug list filter result separated by a comma (%2C or 0x2C). Cookie size limit is defined on client and server side. Between browser limit (4096 bytes) and server limit (8090 bytes for Apache), Mantis still works even if Chrome or Firefox don't use the right cookie (cause the cookie value is truncated by browsers). Example : if a cookie is to long, server send Even with the "bad" cookie, The mantis page is OK, displayed bugs are all present and not truncated with browser cookie's values. I saw in mantisbt code that the cookie is named $g_bug_list_cookie and is used 2 times : My question is : is this cookie still mandatory/useful in mantis project or is it a future deprecated parameter? Thanks in advance for your feedback, feel free to ask me questions if needed. | ||||
Steps To Reproduce | On https://Mantisbt.org/bugs, ask for 10000 bugs on the same page to view the page "Bad request" server response that show the limit is reached. Use phpinfo() or wireshark or other tool to see cookie content sent by http server and use browser cookie manager to view saved cookie. | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
MANTIS_BUG_LIST_COOKIE is used to store the list of issues returned on a single page (in view_all_bug_page.php) by a given filter, to enable navigation between them by means of the previous/next ([<<] and [>>]) links in view.php. By default, Mantis limits the size of list to 50 issues ($g_default_limit_view). Assuming 7 digits for bug IDs + 3 chars for the delimiter (%2C), we can "safely" handle over 400 issues in that list. Returning 10'000 bugs in a single page seems to me like a strange thing to do. It would lead to performance issues, or even out-of-memory errors. For example, on my dev box, loading 2'000 issues required over 10s execution time, and going for 10'000 (after allocating sufficient memory to PHP) took more than 45s. I'm wondering is your rationale / use case for returning so many issues on the view all page... If you're trying to dump a large amount of data, there are much better alternatives for that (export functions / plugins).
There is currently no intention of changing this mechanism, which has been working well enough for many years. |
|
Just to inform other users : My workaround : => To use mantis again, User has to delete manually the cookie "MANTIS_BUG_LIST_COOKIE" in his browser (or cookie value size can be reduced). Maybe a configurable value can be used as max value for this field? Regards |
|