ActiveSession.session_ids_for_user should fetch session keys in chunks
Spun out of https://gitlab.com/gitlab-org/gitlab-ce/issues/64257
Currently, ActiveSession.session_ids_for_user()
will query session:lookup:user:gitlab:..
and then issue an MGET
with the keys.
This is fine in normal circumstances, but in certain pathological situations (see https://gitlab.com/gitlab-com/gl-security/operations/issues/292 for example), this set may contain 7000 or more values.
This leads to a MGET
with all 7000 keys.
As a safety catch, we should update the method to fetch these keys in chunks of 200 keys at a time.
In psuedocode:
sessions := SMEMBERS session:lookup:user:gitlab:..
sessions := for chunk in chunks_of_size(sessions, 200) do MGET chunk
- ....
This will have no effect on normal operations, were a user has a small number of sessions, but for huge session lookups, this change will ensure that Redis stability is not affected.