search

Scifabric / pybossa

PYBOSSA is the ultimate crowdsourcing framework (aka microtasking) to analyze or enrich data that can't be processed by machines alone.
http://pybossa.com
GNU Affero General Public License v3.0
745 stars 269 forks source link

Cookie size #660

Closed redhog closed 10 years ago

redhog commented 10 years ago

It seems PyBossa easily exceeds the maximum cookie size / number of cookies, resulting in the following:

Bad Request

Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit. Cookie /n Apache/2.2.22 (Ubuntu) Server at alerts.dev.skytruth.org Port 80

teleyinex commented 10 years ago

Hi,

I discovered this recently too. In Nginx you can actually increase the size without problems to solve the issue, but I need to address it in a different way. Thanks for opening the issue. I'll fix it soon!

chispita commented 10 years ago

Hi,

I had the same problem, but it only show up in chrome. I increase LimitRequestFieldSize to 65536 in my apache configuration, and It seems be perfect.

redhog commented 10 years ago

Ah yes, I arrived at the same solution, and decided to document it in the installation instructions:

https://github.com/PyBossa/pybossa/pull/663/files

redhog commented 10 years ago

The site actually creates one cookie per task run, guaranteeing that we will run out of space sooner or later - regardless of apache config. If you haven't run into this on nginx @teleyinex it just means that you haven't done enough tasks :) (we have users doing 1000nds of tasks)

Here is the offending code: https://github.com/PyBossa/pybossa/blob/master/pybossa/api/__init__.py#L112

It seems that just using a fixed cookie name should work, and would fix the issue... I'm going to try that, and make a pull-request soon if it works.

redhog commented 10 years ago

It comes from the following commit

https://github.com/PyBossa/pybossa/commit/e44e026a2a357404b2848459391d4afbd236e1a9

that was done to "solve" the following issue:

https://github.com/PyBossa/pybossa/issues/596

It seems like just using one cookie isn't really possible - newtask and taskrun calls are done async, and can happen in any order...

I don't really think that this code is needed, nor should be there. The throttling is a better solution, maybe combined with checking that one user can only ever answer the same task once.

I think this kind of code amounts to DRM. If someone is determined to automate answering, they will be able to do so.

teleyinex commented 10 years ago

Hi @redhog

You are 100% right! I have created a really complicated solution for a problem that it is solved now allowing users to add as many answers as they want to a given task.

I'll remove this code asap, to fix it, ok? And I'll make sure that only 1 task_run can be posted from the same user :-)

Sorry for the bug!

redhog commented 10 years ago

No worries :) Awesome!