Description

[PR incoming with unit tests and implementation of option - default to no change from current behavior]

session.touch is called on every request when resave: false is set.

On in-memory stores such as connect-redis this has little impact other than additional traffic.

However, on disk-backed and/or globally replicated stores the costs can be significant, such as connect-dynamodb

Example Scenario with Costs - DynamoDB Store

DynamoDB Provisioned Capacity Pricing

• RCU = Read Capacity Unit
• WCU = Write Capacity Unit
• 60,000 RPM site / 60 seconds / minute = 1000 RPS
• Write on Every Request
  • 1,000 RPS requires
    • 1,000 RCU x $0.00013 = $0.13 / hour = $1,138 / year
    • 1,000 WCU x $0.00065 = $0.65 / hour = $5,964 / year
    • Total = $7,102 / year
• Write on Update or when 75% of originalMaxAge Expired
  • Assuming 1% of requests update the session or reach 75% of originalMaxAge
  • 1,000 RPS requires
    • 1,000 RCU x $0.00013 = $0.13 / hour = $1,138 / year
    • 10 WCU x $0.00065 = $0.0065 / hour = $57 / year
    • Total = $1,195
    • Savings = 83% vs Write on Every Request

Best cases for cost reduction

• Relatively longer sessions (e.g. minutes, hours, days, months, but not seconds)
• Session values infrequently updated