Is it a common/good practice to save/update the session *after* sending
the response?
I started updating the session after sending the response and it seems
like a good way to get a little more speed, since it's now a non-blocking
task.
But I'm worried that a minimal slow down in the database could cause
problems when updating the session this way.
Imagine I want to set a session flash message for the next request, but
the next request/response happen before the session is updated. The user
won't see it, or he will see it in a different request.
And the worst case is when you need to regenerate the session ID. If the
update is slow and the next request comes faster than that, the user will
get logged out because he will be asking for a non-existent or expired
session (he received the new session ID in the cookie as part of the
response).
So what I wanna know is whether this has already been studied, whether
people are using it, when should I do it, when I shouldn't, if there is a
fix for it, etc.
No comments:
Post a Comment