0037098: Unnecessary token requests from the database on the issue page

ID	Project	Category	View Status	Date Submitted	Last Update
0037098	mantisbt	performance	public	2026-04-25 04:14	2026-05-05 10:41

Reporter	raspopov	Assigned To	community
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	2.28.1
Target Version	2.29.0	Fixed in Version	2.29.0

Summary	0037098: Unnecessary token requests from the database on the issue page
Description	The view.php page makes numerous repeated calls to the `mantis_tokens_table` database table via the `token_get()` function. The number of calls is proportional to the change history and the number of contributors. For a fresh, minimal issue, this amounts to 4 unnecessary calls and 5 useful ones, and if all fields in the issue are filled out, it becomes 8 unnecessary calls and 5 useful ones. For long change histories, this can amount to tens or hundreds of unnecessary calls. Most hits occur due to frequent calls to the `token_get_value( TOKEN_ACCOUNT_CHANGE_EMAIL )` function from `mci_account_get_array_by_id()`. This issue was recently mentioned in post: 0036889:0070808.
Steps To Reproduce	Enable database logging, for example: `$g_log_destination = ‘page’; $g_log_level = LOG_DATABASE;` Go to any issue: view.php?id=...
Additional Information	It is proposed to implement a cache to simply store the return values of tokens from the database as a new global variable. It might be worth considering caching the user data returned by the `mci_account_get_array_by_id()` function.
Tags	No tags attached.

raspopov 2026-04-25 04:26 reporter ~0071048	PR: https://github.com/mantisbt/mantisbt/pull/2210 Working with the cache by function: `token_get()` or `token_get_value()`: the cache is checked and populated for both existing and non-existent tokens. `token_exists()` or `token_ensure_exists()`: only checks for the presence of an existing token in the cache; missing tokens are not checked. `token_touch()`, `token_update()`: only updates existing tokens in the cache (the ‘expire’ and ‘value’ fields); missing tokens are filtered out by the `token_ensure_exists()` function. `token_delete()`, `token_delete_by_owner()`, `token_delete_by_type()`: tokens are deleted from the cache (by type and/or owner) ; incidentally, the `token_delete_by_owner()` and `token_delete_by_type()` functions are not used in the MantisBT code. `token_create()`, `token_purge_expired()`: the entire cache is deleted; note that the `token_purge_expired()` function is protected against being called more than once. `token_get_by_type()`: not cached; used once and only on the manage_user_page.php page. `token_set()`: an existing token is cached in `token_get()`, and `token_update()` updates it in the cache; if the token is new, `token_create()` deletes the entire cache.

MantisBT: master 36044d26 2026-05-05 03:54 raspopov Committer: community Details Diff	Add a cache for tokens retrieved from the database A cache of tokens retrieved from the database has been added as a new global variable, $g_cache_token. The chosen cache format simplifies the process of obtaining a token and storing it in the cache, but makes it more complicated to verify the token ID; however, in practice, this does not reduce the cache's efficiency due to the optimal order of function calls in MantisBT. In addition, the code explicitly casts token identifiers to integers throughout. Fixes 0037098, https://github.com/mantisbt/mantisbt/pull/2210	Affected Issues 0037098
	mod - core/tokens_api.php	Diff File
	add - tests/Mantis/TokensApiTest.php	Diff File