I’ve been using ColdSpring 1.2 for years now. Yes, it’s a dead project, and yes I did try to migrate to 2.0 a few years back but there were issues that prevented it at the time (is that version dead now too?), but I always liked ColdSpring and its pretty entrenched in a number of apps I’ve developed and there’s never any time or desire from the powers on high to retool it for Wirebox or DI/1.

ColdSpring has always had a real downside for me, though: the sheer amount of time it adds to app reinitialization. In the case of an eCommerce site I’m working on, the app reinit time was a whopping 274 seconds on a very beefy server (8-core, 32GB ram, SSDs). The length of reinit time became critically painful when we moved the site behind CloudFlare which implements a very strict and unconfigurable request timeout of 100 seconds (the fact this is unconfigurable for paying customers to me seems absurd, but there it is). The net effect of this restriction was that it was impossible to know when, or if, the app had successfully reinitialized, as CloudFlare throws in a handy ‘the page didn’t respond in time, oh well’ error. I knew the reinit sluggishness was in ColdSpring, since I had isolated ColdSpring functionality as the root cause in another app, but I had never ended up digging too deeply since I guess I just felt it was a burden to be borne for the sake of using an IOC framework (this is several years ago). But faced with very real and unalterable request timeout restrictions I now had no choice but to give it another go.

And……succeeded. The culprit? AOP. I’ve always used the aspect oriented programming feature of ColdSpring to implement page-level security. Essentially, in my apps all page urls are aliases stored in a db, resolved on demand and routed to the appropriate controller. Each of these page aliases has optional security role requirements which must be evaluated for the current user to determine whether they can access the url or not. This is an ideal situation for AOP. And this was the ONLY thing I was using AOP for. Unfortunately for my ideal use of AOP, I had narrowed down the lag to ColdSpring’s AOP handling for my controllers, and after removing the app’s reliance on AOP and moving the relevant security-evaluation code into the single component actually handling request routing, reinit time went from 4 minutes down to 12 seconds. 12 seconds. From 4 minutes. Blech.

I still like ColdSpring 1.2 and would use it again, even as old and dead as it is, but if I do I won’t be using ColdSpring’s AOP features. The cost to any non-trivial app is just too high at init time.