With this change, an instance under pressure from new or bad authentication attempts
will continue to be viable to authenticated sessions and clients with tokens (e.g. any
http client that honors cookies).
Previously, if a username or password was bad, retry would not occur.
Correct this such that every so often or right when someone connects,
the target is checked to see if the user/password is now considered good.
The pickling would get horrendously slow as total node count increased. This meant very long time to sync
to disk for just one change out of 65,000. This strategy changes things to more selective and only
do things for the dirty keys rather than everything. Large changes to small amounts of nodes will take
more time (because more calls to dump pickle), but small changes to a small subset of nodes will take much
less time.
There was an optimization to skip examination of groups if it was determined
that the group membership had not changed. However, this erroneously
masked the examination in the case of reordered groups. Skip the
optimization to cover that case at the expense of at least some needless churn.
This only happens when something goes to change group membership in some way, so
this shouldn't be too expensive.
Now when expressions can not be completed, the reason is presented as 'broken'.
Additionally, when unsetting a value that would affect expressions,
perform appropriate changes.