Difference between revisions for Users / Eo Ny




← Previous edit
Next edit →

Additions:

Optimization Tips

    • Session data only written during write_close() or regeneration
    • No unnecessary serialization during reads
    • Probabilistic GC (based on cf_gc_probability)
    • Only runs on 2% of requests by default
    • Customize based on your session volume
    • Expired nonces automatically removed on verification
    • Verified nonces removed from storage
    • No manual cleanup needed
    • Regex-based validation is fast
    • No database lookup needed
    • Cache expensive lookups between session operations
    • Session data loaded once per request

TODO Items (From Code Comments)

    • Improves security by not exposing IDs in storage layer
    • Would require hashing logic in store_* methods
    • Track sticky__ip changes more comprehensively
    • Create security audit trail
    • Multi-session management (parent/child sessions)
    • Useful for complex user flows
    • Maintain session history for analysis
    • Detect potential session hijacking patterns
    • Implement session relationship tracking
    • Detect and block delayed session ID usage
    • Current implementation allows 5-second window
    • Could be more granular

Version History

Documentation generated: 2026-05-05
For latest updates, see: https://github.com/Trojer/wack[...]ION_DOCUMENTATION.md

Deletions:

Optimization Tips

  • Session data only written during write_close() or regeneration
  • No unnecessary serialization during reads
  • Probabilistic GC (based on cf_gc_probability)
  • Only runs on 2% of requests by default
  • Customize based on your session volume
  • Expired nonces automatically removed on verification
  • Verified nonces removed from storage
  • No manual cleanup needed
  • Regex-based validation is fast
  • No database lookup needed
  • Cache expensive lookups between session operations
  • Session data loaded once per request

TODO Items (From Code Comments)

  • Improves security by not exposing IDs in storage layer
  • Would require hashing logic in store_* methods
  • Track sticky__ip changes more comprehensively
  • Create security audit trail
  • Multi-session management (parent/child sessions)
  • Useful for complex user flows
  • Maintain session history for analysis
  • Detect potential session hijacking patterns
  • Implement session relationship tracking
  • Detect and block delayed session ID usage
  • Current implementation allows 5-second window
  • Could be more granular

Version History