Difference between revisions for Users / Eo Ny
|
← Previous edit |
Next edit → |
Additions:
Optimization Tips
- Session data only written during
write_close()or regeneration - No unnecessary serialization during reads
- Probabilistic GC (based on
cf_gc_probability) - Only runs on 2% of requests by default
- Customize based on your session volume
- Expired nonces automatically removed on verification
- Verified nonces removed from storage
- No manual cleanup needed
- Regex-based validation is fast
- No database lookup needed
- Cache expensive lookups between session operations
- Session data loaded once per request
- Session data only written during
TODO Items (From Code Comments)
- Improves security by not exposing IDs in storage layer
- Would require hashing logic in store_* methods
- Track
sticky__ipchanges more comprehensively - Create security audit trail
- Multi-session management (parent/child sessions)
- Useful for complex user flows
- Maintain session history for analysis
- Detect potential session hijacking patterns
- Implement session relationship tracking
- Detect and block delayed session ID usage
- Current implementation allows 5-second window
- Could be more granular
Version History
Documentation generated: 2026-05-05For latest updates, see: https://github.com/Trojer/wack[...]ION_DOCUMENTATION.md
Deletions:
Optimization Tips
- Session data only written during
write_close()or regeneration - No unnecessary serialization during reads
- Probabilistic GC (based on
cf_gc_probability) - Only runs on 2% of requests by default
- Customize based on your session volume
- Expired nonces automatically removed on verification
- Verified nonces removed from storage
- No manual cleanup needed
- Regex-based validation is fast
- No database lookup needed
- Cache expensive lookups between session operations
- Session data loaded once per request
TODO Items (From Code Comments)
- Improves security by not exposing IDs in storage layer
- Would require hashing logic in store_* methods
- Track
sticky__ipchanges more comprehensively - Create security audit trail
- Multi-session management (parent/child sessions)
- Useful for complex user flows
- Maintain session history for analysis
- Detect potential session hijacking patterns
- Implement session relationship tracking
- Detect and block delayed session ID usage
- Current implementation allows 5-second window
- Could be more granular
Version History
- Documentation generated: 2026-05-05*
- For latest updates, see: https://github.com/Trojer/wack[...]ION_DOCUMENTATION.md*