[cgiapp] enciphered-cookie-only sessions

Perrin Harkins perrin at elem.com
Tue Mar 11 10:07:29 EDT 2008

On Mon, Mar 10, 2008 at 11:46 AM, Mark Fuller <azfuller at gmail.com> wrote:
>  BTW: I didn't understand the part in the Catalyst documentation saying
>  the benefit of sending the session in the cookie is that you don't
>  have to access the disk. I assume that's supposed to be a performance
>  benefit. But, after two encodings and an encryption, and two decodings
>  and a decryption? I don't see how that could be much of a performance
>  boost.

It's worth benchmarking, but it seems likely to me that even strong
encryption is faster than fetching data from a database.  Removing one
or more database hits from every page access could be significant.
Most web servers have tons of idle CPU because they're constantly
waiting for I/O operations.

The real win in my mind is scalability -- you no longer have to worry
about how to share the data across your cluster.  No matter how many
servers you add, your cost for session storage never goes up.

- Perrin

More information about the cgiapp mailing list