Theo's Typesafe Cult•2y ago

Is putting the session into the context really a good idea? (overhead on each request)

I was just wondering about the default way of session handling. Looking at the docs, the session is put into the context:

// server/trpc/context.ts
import { getServerAuthSession } from "../common/get-server-auth-session";

export const createContext = async (opts: CreateNextContextOptions) => {
  const { req, res } = opts;
  const session = await getServerAuthSession({ req, res });
  return await createContextInner({
    session,
  });
};

// server/trpc/context.ts
import { getServerAuthSession } from "../common/get-server-auth-session";

export const createContext = async (opts: CreateNextContextOptions) => {
  const { req, res } = opts;
  const session = await getServerAuthSession({ req, res });
  return await createContextInner({
    session,
  });
};

This means that every request will evaluate the session based on the cookies. I understand the benefit of the DX, as with this setup you can easily always access it via context in a tRPC procedure. But the downside is obviously that the execution time of getting the session from cookies is added to every request. In a typical CRUD app, not so many requests really need authentication, but we still add this overhead to each request. Has someone measured how long this takes in a typical setup? How much "overhead" is really added to each request?

3 Replies

Leonidas•2y ago

Depends on where your db and your server are. If you use edge computing (and the request originates from far away) the additional overhead is pretty long, if your server and db live inside the same private network it will (almost) not be measurable

bennettdev•2y ago

I think the newest version uses unstable_getServerSession, which only checks the cookies without looking at the DB. So I guess this takes probably a few milliseconds?

Unknown User•2y ago

Message Not Public

Gaming

Programming

Is putting the session into the context really a good idea? (overhead on each request)