Comments (5)
maxcountryman
commented on May 31, 2024
It's something I'm actively working on improving: ideally it would only hold onto loaded session memory for as long as it's needed. This is complicated by concurrency. One idea is to track the count of references a la Arc, removing the session from the loaded cache when it's safe to do so based on reference count.
This is a long way of saying that while currently additional caching seems superfluous, that likely will not be true in the future.
from tower-sessions.
renbou
commented on May 31, 2024
Why should it be implemented in SessionManager by default, though? Smart reference-counting caching can be done elsewhere, it doesn't sound like a feature that should just be enabled for all consumers of this library. Since it is enabled by default, it pretty much means that this library is unusable in its current state.
from tower-sessions.
maxcountryman
commented on May 31, 2024
Since it is enabled by default, it pretty much means that this library is unusable in its current state.
Can you expand on why you think that's the case?
I would argue the vast majority of applications will have a small number of loaded sessions and relative to other things this is not a great deal of memory, even as it grows.
I did some load testing and indeed, memory growth is quite small.
That said, addressing this shouldn't be too difficult and will land in a patch release soon assuming one of the potential implementations works.
As for why it's required: concurrent data access requires the manager to expose shared memory unless you want to serialize session access altogether.
from tower-sessions.
renbou
commented on May 31, 2024
As soon as a web app exposes an endpoint which creates new sessions, requests can simply be issued to said endpoint in order to infinitely fill the SessionManager's cache, which is a problem even if the memory growth rate is indeed small
from tower-sessions.
maxcountryman
commented on May 31, 2024
Please feel free to open a PR.
We want to preserve concurrent data access, which requires ensuring that loading and saving is done such that a load will not introduce stale data to handlers.
A naive but incorrect solution is to lock the request through the response and store save but this blocks concurrent access. For this reason, we manage the session memory via DashMap (altho in the future scc or some other interface entirely might be preferable).
As I mentioned earlier, you could track references within the map itself and when that count is such that there is no concurrent access, you can remove the session.
from tower-sessions.
Related Issues (20)
- 2 Errors when installing with postgres HOT 11
- i do not see a postgres table although session works HOT 1
- cannot infer type of the type parameter `T` declared on the struct `HandleErrorLayer` HOT 2
- function or associated item not found in 'Session' HOT 2
- Add support for Postgres store with tokio-postgres along with bb8-postgres. Implementation attached.
- Facilitate custom `SessionStore` implementation testing HOT 12
- Use `core::time::Duration` instead of `time::Duration`
- Redis example needs pool not a client
- Still waiting on your answer regarding #59 (Diesel store implementation) HOT 3
- with_expiry(Expiry::OnSessionEnd) does not seem to work
- Does .flush() work correctly when a cookie domain is set?
- version 0.10.3 broke SemVer guarantees HOT 3
- Breaking change in v0.10.4 HOT 4
- Inserting forces a sesssion read which could cause the insert to error HOT 1
- set_expiry() does not work HOT 5
- Max-Age of Cookie not updates on set_expiry() HOT 3
- Session Ids can collide
- Version 0.12.0 not compatible with redis-store 0.11.0 HOT 1
- Calling `session.save()` correctly creates new sessions but the cookie is not set.
- Change tracing levels for instrumentation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tower-sessions.