11/12/2022, 11:46 PM
Hi Team, having a question regarding the session - Looks like the platform does auth check by verifying session endpoint:
. And looked into the source code, noticed it does few things: - Get access token from the session - Get config about whether checking blacklist from DB query. - Seems if the above config is false, it will do some DB transaction to update information inside session. Here are the source code I read: - Verify session API: - Get session called inside the verify session API: Hence, looks like it's not a stateless check (like Auth0, just validating the JWT token has expired or not). So I am bit concern about the performance because looks like it's the recommend way in the doc for APIs required user to be logged in: The reason of having the concern is the nature of the business, which is selling hype ecommerce products. So the first 10-15 minutes, it would be a lot requests hitting our platform. Please correct me if I am wrong here 🙏