Difference between revisions for Users / Eo Ny
|
← Previous edit |
Next edit → |
Additions:
Optimization Tips
- Session data only written during
write_close()or regeneration - No unnecessary serialization during reads
- Probabilistic GC (based on
cf_gc_probability) - Only runs on 2% of requests by default
- Customize based on your session volume
- Expired nonces automatically removed on verification
- Verified nonces removed from storage
- No manual cleanup needed
- Regex-based validation is fast
- No database lookup needed
- Cache expensive lookups between session operations
- Session data loaded once per request
- Session data only written during
TODO Items (From Code Comments)
- Improves security by not exposing IDs in storage layer
- Would require hashing logic in store_* methods
- Track
sticky__ipchanges more comprehensively - Create security audit trail
- Multi-session management (parent/child sessions)
- Useful for complex user flows
- Maintain session history for analysis
- Detect potential session hijacking patterns
- Implement session relationship tracking
- Detect and block delayed session ID usage
- Current implementation allows 5-second window
- Could be more granular
Deletions:
Optimization Tips
- Session data only written during
write_close()or regeneration - No unnecessary serialization during reads
- Probabilistic GC (based on
cf_gc_probability) - Only runs on 2% of requests by default
- Customize based on your session volume
- Expired nonces automatically removed on verification
- Verified nonces removed from storage
- No manual cleanup needed
- Regex-based validation is fast
- No database lookup needed
- Cache expensive lookups between session operations
- Session data loaded once per request
TODO Items (From Code Comments)
- Improves security by not exposing IDs in storage layer
- Would require hashing logic in store_* methods
- Track
sticky__ipchanges more comprehensively - Create security audit trail
- Multi-session management (parent/child sessions)
- Useful for complex user flows
- Maintain session history for analysis
- Detect potential session hijacking patterns
- Implement session relationship tracking
- Detect and block delayed session ID usage
- Current implementation allows 5-second window
- Could be more granular