4784: X509 authentication hits database for every request


Compare The X509Middleware https://github.com/reviewboard/reviewboard/blob/master/reviewboard/accounts/middleware.py#L58from Review-board with the RemoteUserMiddleware from Django https://github.com/django/django/blob/master/django/contrib/auth/middleware.py#L27

Specifically see this comment/code from RemoteUserMiddleware which simply returns if the request's session already has a user and that user has the same username.

ReviewBoard currently hits the DB for every request, as it doesn't have this logic.

See this commit of our fork of ReviewBoard for changes that add this improvement (along with other X509 fields to use when creating users, feel free to ignore).

#1 david

Would you be willing to put together a patch for this?