[cgiapp] enciphered-cookie-only sessions
Perrin Harkins
perrin at elem.com
Tue Mar 11 10:07:29 EDT 2008
On Mon, Mar 10, 2008 at 11:46 AM, Mark Fuller <azfuller at gmail.com> wrote:
> BTW: I didn't understand the part in the Catalyst documentation saying
> the benefit of sending the session in the cookie is that you don't
> have to access the disk. I assume that's supposed to be a performance
> benefit. But, after two encodings and an encryption, and two decodings
> and a decryption? I don't see how that could be much of a performance
> boost.
It's worth benchmarking, but it seems likely to me that even strong
encryption is faster than fetching data from a database. Removing one
or more database hits from every page access could be significant.
Most web servers have tons of idle CPU because they're constantly
waiting for I/O operations.
The real win in my mind is scalability -- you no longer have to worry
about how to share the data across your cluster. No matter how many
servers you add, your cost for session storage never goes up.
- Perrin
More information about the cgiapp
mailing list