6

I'm running an enterprise-level PHP application. It's a browser game with thousands of users online on an infrastructure that my boss refuses to upgrade, and the machinery is running on 2-3 system load (yep, Linux) at all times. Anyhow, that's not the real issue. The real issue is that some users wait until the server gets loaded (prime time) and they bring their mouse clickers and they click the same submit button like 10-20 times, sending 10-20 requests at the same time while the server is still producing the initial request, thus not having updated the cache and the database.

Currently I have an output variable on each request, which is valid for 2 minutes, and I have a "mutex" lock which is basically a flag inside memcache which, if found, blocks the execution of the script further, but the mouse clicker makes so many requests at the same time that they run almost simultaneously, which is a big issue for me.

How are you, the majority of StackOverflow folks, dealing with this issue? I was thinking of flagging the cookie/session but I think I will get in the same issue if the server gets overloaded. Optimization is impossible, the source is 7 years old and is quite optimized, with no queries on most pages (running off of cache) and only querying the database on certain user input, like the one I'm trying to prevent.

Yep it's procedural code with no real objects. Machines run PHP 5 but the code itself is more of a PHP 4. I know, I know it's old and stuff but we can't spare the resource of rewriting this whole mess since most of the original developers left that know how stuff is intertwined and yeah, I'm basically patching old holes. But as far as I know this is a general issue on loaded PHP websites.

P.S.: Disabling the button with JavaScript on submit is not an option. The real cheaters are advanced users. One of them had written a bot clicker and packed it as a Google Chrome extension. Don't ask how I dealt with that.

10
  • 3
    How did you deal with that..? :) Commented May 29, 2013 at 13:44
  • 2
    I use websockets. The process-per-request model is a very poor fit for this sort of thing. Commented May 29, 2013 at 13:49
  • Yes well the application is old and it does not have that fancy MVC/Bigpipe/JSON/HTML5 History thingie that the modern websites use. It has far too many "hotfixes" to just put that interface over Commented May 29, 2013 at 13:50
  • Small captcha (sp?) on click that'd stop all but the most advanced. We had the same issue in a web-based game I worked on, a couple of hundred K users at any one time etc. We ended up having committals, so all the requests went through, but after the first one was committed any further actions (sending the same fleet multiple times) were blocked and dropped. It still generates the initial request, but they're insignificant; as long as their processing isn't happening, the submit event is minor in load generation. If you're struggling with HTTP load, look at moving off Apache onto Cherokee/nginx/lighttpd. Commented May 29, 2013 at 13:50
  • 1
    I say again -- the problem is your technology stack. Traditional PHP web SAPIs + Apache + Ajax hasn't been a good solution for event-driven applications with high concurrency since ... Well ... Ever. Commented May 29, 2013 at 14:00

4 Answers

1

I would look for a solution outside your code.

Don't know which server you use, but Apache has some modules, like mod_evasive for example.

You can also limit connections per second from an IP in your firewall.

1

I'm getting the feeling this is touching more on how to update a legacy code base than anything else. While implementing some type of concurrency would be nice, the old code base is your real problem.

I highly recommend this video which discusses Technical Debt.

Watch it, then if you haven't already, explain to your boss in business terms what technical debt is. He will likely understand this. Explain that because the code hasn't been managed well (debt paid down) there is a very high level of technical debt. Suggest to him/her how to address this by using small incremental iterations to improve things.

1 Comment

This video is spot-on.
0

Limiting the IP connections will only make your players angry. I fixed and rewrote a lot of stuff in some famous open-source game clones with old-style code: well, I must say that cheating can always be avoided by executing the right queries and logic. For example, look here: http://www.xgproyect.net/2-9-x-fixes/9407-2-9-9-cheat-buildings-page.html

Anyway, about performance, keep in mind that code inside sessions will block all other threads until the current one is closed. So be careful to inglobe all your code inside sessions. Also, sessions should never contain heavy data.

About scripts: in my games I have a PHP module that automatically rewrites links, adding a random id saved in the database, a sort of CSRF protection. Human users will click on the changed link, so they will not see the changes, but scripts will try to ask for the old link and after some tries they are banned! Other scripts use the DOM, so it's easy to avoid them by inserting some useless DIVs around the page.

edit: you can boost your app with https://github.com/facebook/hiphop-php/wiki

0

I don't know if there's an implementation already out there, but I'm looking into writing a cache server which has responsibility for populating itself on cache misses. That approach could work well in this scenario.

Basically you need a mechanism to mark a cache slot as pending on a miss; a read of a pending value should cause the client to sleep a small but random amount of time and retry; population of pending data in a traditional model would be done by the client encountering a miss instead of pending.

In this context, the script is the client, not the browser.
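The pending-slot mechanism from this answer, which also closes the check-then-set gap in the question's memcache flag, as an added example that is not part of the original answer or thread. `Cache` is a hypothetical in-memory stand-in whose `add()` models memcached's atomic `add` command; the key, values and function names are constructed for illustration.

```python
import random
import threading
import time
from concurrent.futures import ThreadPoolExecutor
PENDING = "__pending__"  # marker stored while one client builds the value

class Cache:
    """Hypothetical in-memory stand-in for a cache server with an atomic add()."""
    def __init__(self):
        self._data, self._lock = {}, threading.Lock()

    def add(self, key, value):
        with self._lock:  # store only if absent: exactly one concurrent caller wins
            if key in self._data:
                return False
            self._data[key] = value
            return True

    def get(self, key):
        with self._lock:
            return self._data.get(key)

    def set(self, key, value):
        with self._lock:
            self._data[key] = value

def fetch(cache, key, build, retries=500):
    """Return the cached value; on a miss only the caller that wins add() builds it."""
    for _ in range(retries):
        value = cache.get(key)
        if value is not None and value != PENDING:
            return value  # hit
        if value is None and cache.add(key, PENDING):
            result = build()  # we claimed the slot, so we populate it
            cache.set(key, result)
            return result
        time.sleep(random.uniform(0.001, 0.01))  # pending: short random sleep, retry
    raise TimeoutError("cache slot %r stayed pending" % key)

def simulate(clients=20):
    """Send `clients` simultaneous requests; return (build count, distinct results)."""
    cache, builds = Cache(), []
    def build():
        builds.append(1)
        time.sleep(0.05)  # constructed stand-in for the slow database update
        return "done"
    with ThreadPoolExecutor(max_workers=clients) as pool:
        results = list(pool.map(lambda _: fetch(cache, "user42:submit", build), range(clients)))
    return len(builds), set(results)
```

Against a real memcached server the pending marker should be stored with a short expiry, so a script that dies mid-build does not leave the slot pending forever.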
