Jenkins GUI is slow -removing cookie fixes it (temporarily)

    • Jenkins 2.184

      The last few weeks/months all our Jenkins users experience a very slow web GUI after some time. 

      Situation:

      • In a clean browser (no cache, cookies) Jenkins is very fast
      • After some time (workday - 8 hours of active Jenkins use), Jenkins GUI starts to slow down:
        Loading jobs takes 10+ seconds, loading of static resources are very long pending etc.
        Jenkins just isn't workable for users at that time.
      • Logging out + in again does not fix it for that user.
      • Removing the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie fixes everything for that user and makes Jenkins blazing fast again.

       So, what happens with the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE? 
      Why does it cause the slowness after hours of use?

       [update]

       SECURITY-901 / CVE-2019-1003004 in Jenkins 2.150.2 introduced a security fix, but with a side effect that after some time (hours) the Jenkins GUI for that user starts to slow down to a crawl.

          [JENKINS-56243] Jenkins GUI is slow -removing cookie fixes it (temporarily)

          Matt Sicker added a comment -

          Added link to PR.

          Matt Sicker added a comment -

          Need to add another test, but this looks to be about fixed.

          Sverre Moe added a comment -

          Looking forward to testing it out. Our developers are getting frustrated.

          Matt Sicker added a comment -

          Incremental release available: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/cli/2.184-rc28433.92d6063c40c3/

          Still waiting for reviews before someone can merge it for the next weekly.

          Sverre Moe added a comment -

          I can test the incremental release on our Test Jenkins instance. I dare not install it in production.

          Wadeck Follonier added a comment -

          djviking as you said before, if the "Disable remember me" workaround was not working for you, do not expect this change to work either. It's "just" the correction of the root cause of this issue. From my PoV, with all the information you gave, you have another (unknown?) problem that is different from this one.

          Sverre Moe added a comment -

          There is another issue I have been tracking I think can be related to our problem of slowness. JENKINS-49319

          Oleg Nenashev added a comment -

          The fix was released in Jenkins 2.184

          Amit Dar added a comment -

          will this be included in the next LTS release?

          Daniel Beck added a comment -

          Next baseline for sure. 2.176.2 certainly not. 2.176.3 possibly.

            jvz Matt Sicker
            henjovr Henjo van Rees