Disable session cache by default and make it opt-in for single-process deployments
@@ -38,6 +38,7 @@ Reference: `Docs/Refactoring.md` for full analysis of each issue.
|
||||
### 4. Address session cache invalidation semantics
|
||||
- Where found: `backend/app/dependencies.py`
|
||||
- Goal: make session caching safe or remove it, and document that cache invalidation is not cluster-safe if the app is run with multiple workers.
|
||||
- Status: completed — session validation cache is now disabled by default and can be enabled explicitly in single-process deployments.
|
||||
- Possible traps and issues:
|
||||
- Process-local cache can keep revoked sessions alive in other worker processes.
|
||||
- Implementing a shared cache is a larger architectural change; a safer short-term fix is to disable caching by default.
|
||||
|
||||
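Review bot: The added Status line under item 4 says the session validation cache "can be enabled explicitly" but does not name the setting that enables it or say what happens if it is turned on with more than one worker. The Goal line asks to document that invalidation is not cluster-safe, and the first trap bullet (a process-local cache can keep revoked sessions alive in other worker processes) still applies once the cache is opted into. Suggest naming the option in this line and stating that enabling it under multiple workers carries that revocation risk, or pointing to the place in `Docs/Refactoring.md` where this is documented.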