Domain Mapping SSO slows down my website

Hi there!

While I'm working on different projects, I've elliminated a lot of server sided issues which brought my page loading time down to about 200ms! That's faster than you can say "Uhhhhhh".

However, that's on my front page. All other sites are affected by a small problem: Domain Mapping Single Sign on still thinks he's the boss.

Of course, it's a great, nay, brilliant and must-have feature (but it still seems to conflict with Object Cache :slight_frown:).

The problem is quite simple: Every single site has about 600 to 1200ms extra loading time from one single (blocking, I might add) request: admin-ajax.php?action=domainmap-setup-cdsso

This request is loaded on every single page visit, either mapped or not. With one exception: the main blog's homepage.

Now, here are two screenshots for you to gobble on, the first screenshot is a waterfall of a mapped domain, the second is one on a VIP database and shows how buggy Chrome actually sometimes is (random undocumented delays):
http://static.hostmijnpagina.nl/images/wpmudev-domain-mapping-cdsso.jpg
http://static.hostmijnpagina.nl/images/wpmudev-domain-mapping-cdsso2.jpg

As you can see, the mapped domain could've been loaded (without cache!) within 180ms! Unfortunately, 1.35s of load time has been added. And Google hates me for it :slight_frown: I litteraly got a stone kicked through my window last night with a letter on it that said: fix your site.

Ok, this is becoming more of a novel so I'll break things down for you:
1. Every page suffers from it when SSO is turned on.
2. After a cache flush with SSO turned off pages load FAST.
3. Have you turned off X plugin? Yes.
4. All of them? Nope, only the ones that affect the backend stayed on.
5. Have you tried without cache? Yup.
6. Anything else? I use Multi-DB, also this seems to be a common problem (with different setups and servers).
7. Priority? 1.3 sec load time (and 330ms on the VIP), about 300 to 600%!
8. Is it your internet? http://www.speedtest.net/my-result/3925825084 Welcome to Holland.

Any inputs? Thanks and have a great day! :slight_smile:

  • Tyler Postle

    Hey Sybre,

    Hope you're doing well today and thanks for your question!

    So, what I get from this post is... I should move to holland :wink:

    Do you have verify DNS setting turned ON? Can you try turning that off and see if you still have the issue. This has been a problem in the past as seen here: https://premium.wpmudev.org/forums/topic/redirect-loop-when-logged-into-admin-and-slow-site-domainmap-setup-cdsso#post-660478

    Let us know if that does the trick.

    Look forward to hearing back Sybre!

    All the best,
    Tyler

  • Sybre Waaijer

    I dug a little deeper into the problem as it's still occurring.

    I notice my notepad++ adds a lot of unnecessary breaks in the php files so this might be off, so I'll give the contents of the line with it.

    So this is what I found:

    1. A typo in module.php @ line 493: _replace_last_occurence
      This should be _replace_last_occurrence - Anyway, this isn't a problem lol as the definition is properly defined
    2. The admin-ajax.php script doesn't get loaded asynchronously
    3. The admin-ajax.php script gets loaded in the head

    So I've changed that what's listed above (except for the typo).

    This is what happened:
    Before: CA technologies reported 1200ms load time on my main page and 600ms load time on my subdomain.
    After: CA technologies reported 217ms load time on my main page and 140ms load time on my subdomain.
    http://status.hostmijnpagina.nl/

    This is massive. I don't know if it affected the functionality though.

    The changes, all in Cdsso.php:
    line 67, from:
    $this->_add_action( 'wp_head', 'add_auth_script', 0 );To:
    $this->_add_action( 'wp_footer', 'add_auth_script', 0 );

    Line 171, from:
    echo '<script type="text/javascript" src="', $url, '"></script>';To:
    echo '<script async type="text/javascript" src="', $url, '"></script>';

    Line 270, from:
    echo '<script type="text/javascript">';To:
    echo '<script async type="text/javascript">';

    Line 281, from:
    echo '<script type="text/javascript" src="', $url, '"></script>';To:
    echo '<script async type="text/javascript" src="', $url, '"></script>';

    This might break some functionality like logging out and in, but I'll let you know if that's the case (logout with SSO doesn't really work anyway, never really did and probably never will :p browsers are stubborn with cookies.

    For now, solved. Please consider the changes in your upcoming update. Please also tell me why you wouldn't if you don't want to.

    -------------

    ALSO, this is what caused the redirect loop with W3 Total Cache, it would be a nice addition to the instructions page of SSO:

    The following "page" gets loaded and causes a loop when a user gets off from another page to a subdomain/mapped domain, normally it just loops once while it logs the user in. With wrong cache settings an infinite loop occurs without an error, the page just keeps reloading.
    This is the page (in regex):
    ^subdomain.mydomain.com/?_domainmap_action=domainmap-authorize-user.*

    Making an exception for this in regex doesn't help. What does help is the following:

    W3 Total Cache -> Page cache -> UNCHECK "cache URIs with query sring variables".

    Also solved. Happy users, fast browsing :slight_smile:

    Good night ^^

    EDIT:
    quickly tested it with a testuser and it seems that the pages get loaded, then the admin-ajax.php kicks in and the page reloads to log the user in. This is only needed (and done) one time per user per mapped domain. So this will most likely just happen once per week per average user :stuck_out_tongue:

    So everything's still working and with saving 0.5 to 2 seconds of load time (on fiber connection), why not? :smiley:
    (2.5 seconds to 6 seconds on ADSL+, a friend of mine tested that earlier)

    @Sam :slight_smile:

    • Sybre Waaijer

      ALSO, this is what caused the redirect loop with W3 Total Cache, it would be a nice addition to the instructions page of SSO:

      The following "page" gets loaded and causes a loop when a user gets off from another page to a subdomain/mapped domain, normally it just loops once while it logs the user in. With wrong cache settings an infinite loop occurs without an error, the page just keeps reloading.
      This is the page (in regex):
      ^subdomain.mydomain.com/?_domainmap_action=domainmap-authorize-user.*

      Making an exception for this in regex doesn't help. What does help is the following:

      W3 Total Cache -> Page cache -> UNCHECK "cache URIs with query sring variables".

      Also solved. Happy users, fast browsing :slight_smile:

      I would like to note that this did not solve the problem after a cache refresh. The real problem solver is turning off Browser cache in W3 Total Cache. This may seem drastic and might lower your "Yslow" and "pagespeed" score, but the common user will in fact use a browser that caches as much as possible anyway - regardless of your settings in w3 Total Cache.

      They will however listen to your settings but in my opinion that is negligible and a error/hassle free browser experience tops a high speed-score any day.

      If you do wish to use some settings like gzip then I suggest reading a manual on doing so without a plugin. This most likely involves the "Optimize Website" option in cPanel or some .htaccess rules. Take care and have a great day!

      For now I also think that Object Caching has nothing to do with the redirect loop - because that also was a temporary fix.

  • Michael Bissett

    Hey @Sybre, thanks for the code suggestions, and the fix for W3 Total Cache here, appreciate it! :slight_smile:

    The developer's testing your code solutions, and will include them on the next update if they're confirmed. However, I should note that in regards to this:

    quickly tested it with a testuser and it seems that the pages get loaded, then the admin-ajax.php kicks in and the page reloads to log the user in. This is only needed (and done) one time per user per mapped domain.

    That would seem to be due to the code change you referenced earlier, on line 67 of domain-mapping/classes/Domainmap/Module/Cdsso.php, where you changed it from this:

    $this->_add_action( 'wp_head', 'add_auth_script', 0 );

    To this:

    $this->_add_action( 'wp_footer', 'add_auth_script', 0 );

    Since the whole page has to load first before that script will kick in.

    Hope you're doing well today! :smiley:

    Kind Regards,
    Michael

    • Sybre Waaijer

      Hi Michael! Thanks for dropping by.

      That would seem to be due to the code change you referenced earlier, on line 67 of domain-mapping/classes/Domainmap/Module/Cdsso.php, where you changed it from this:

      Correct, Also, because of the 'async' the script is still loading while the rest of the page is already visible and allows interaction. I haven't tested this out without the 'async' addition but noticed that the wp_footer was mandatory for this to work.

      For people with slow connections, when the browser caching's done right, this is also a major improvement.
      With Charles Proxy, I simulated both a 3G and ADSL (512kbps) connection:

      All the important content (header CSS and HTML) gets loaded before the redirect kicks in with a little help from Lazy Load: https://wordpress.org/plugins/lazy-load/ - In fact, the user won't even notice they get redirected because all loaded content is already in their cache, it just needs to check if the content is the same and the page still loads faster than anything ^^

      Results could differ per user and server based on configuration though. I took the best caching methods for my network and pasted it together - this might not work for everyone (I also have 36GB of RAM on my servers for caching, RAM is cheap in Holland).

      I'm not sure how this will affect other users so if it gets implemented I'd suggest it to be an option rather than mandatory - or put out a beta for your customers to test.

  • wp.network

    This is awesome stuff @Sybre

    I have totally been staring at similar results in my waterfalls when using SSO :slight_smile:

    On a side note:

    I was looking at setting up a cookieless domain also, but had impression that inorder to use a subdomain like static.primary.com that the primary needed to be using 'www' or some other subdomain rather than naked domain inorder to have cookies not be set for entire domain...? I have looked at CDN Linker, researching htaccess approaches...

    Any tips/htaccess snippets for setting up to serve static resources from cookieless domain for primary+subsites would be greatly appreciated :slight_smile:

    Cheers, Max

    • Sybre Waaijer

      Hi @TiViSM

      Although your question is unrelated and should be posted in a new topic, I'd like to answer them anyway to help you on the way. As I wrote the answer I discovered it's actually related xD.

      A cookieless domain can be defined like described in the link below, anything but what's filled in there will not accept your cookies (for what I understand):
      http://codex.wordpress.org/Editing_wp-config.php#Set_Cookie_Domain
      I must warn you however that this will most likely break SSO. I have not tested this out.

      You can remove cookies from static files within W3 Total Cache's Browser settings, but that will also break your SSO, so take it a step up and try MaxCDN (easily connected through W3 Total Cache and works perfect for mapped domains as well right out of the box). MaxCDN has an option to remove the cookies without interfering with your WordPress installation - therefor SSO won't loop :slight_smile:

      Unusual setups like WordPress.com, edublogs.org, tivism.net (yours) and hostmijnpagina.nl (mine) require a steep learning curve and allows you to discover many great things on many great platforms.

      Have a great day :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.