Session Cache
Overview
Redis-based caching layer for session management, JWT tokens, rate limiting, and frequently accessed workspace data.
Cache Strategy
Session Management
- User Sessions: Active session tokens with 24-hour TTL
- SSO State: OAuth/SAML state during authentication flow
- JWT Blacklist: Revoked tokens for security
- Remember Me: Extended session tokens (30-day TTL)
Performance Caching
- Workspace Config: Hot workspace data (5-minute TTL)
- Member Permissions: Permission cache (15-minute TTL)
- Rate Limiting: Request counters per user/workspace
- API Keys: Validated API key cache (1-hour TTL)
Technical Details
Specifications:
- Version: Redis 7.x
- Memory: 16 GB
- Persistence: RDB snapshots + AOF logs
- Replication: Primary with 2 read replicas
- Clustering: Redis Cluster with 3 shards
Performance:
- Latency: P99 < 1ms
- Throughput: 100,000 ops/second
- Hit Rate: Target 95%+
- Connections: Max 10,000
Data Structures
Session Keys
session:{user_id}:{session_id} -> Session data (hash)
- user_id
- workspace_id
- role
- created_at
- last_activity
- ip_address
Rate Limiting
ratelimit:{workspace_id}:{endpoint} -> Request count (string)
TTL: 1 minute (sliding window)
Permission Cache
permissions:{workspace_id}:{user_id} -> Permissions array (set)
TTL: 15 minutes
Cache Invalidation
🔄 Cache Strategy
Cache invalidation occurs on workspace/member changes, role updates, or permission modifications.
- Session Logout: Immediate invalidation
- Permission Changes: Invalidate user permission cache
- Workspace Updates: Clear workspace config cache
- Member Removal: Clear all member sessions
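The member-removal case above, written against this page's `session:` and `permissions:` key patterns, as an added example that is not the project's own code. The function name `remove_member`, the ID format, the `FakeRedis` stand-in and the sample data are assumptions, as is the choice to clear only sessions whose `workspace_id` field matches the workspace.

```python
import fnmatch
import re

ID_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumed ID format; rejects glob chars and ':'

def remove_member(r, workspace_id, user_id):
    """Drop a removed member's sessions and permission cache; return deleted keys.

    `r` is any client with redis-py's scan_iter/hget/delete that returns str
    (decode_responses=True). Assumption: only sessions whose workspace_id
    field matches the workspace are cleared.
    """
    for ident in (workspace_id, user_id):
        # An ID such as "*" would widen the MATCH pattern to other users' keys.
        if not ID_RE.fullmatch(ident):
            raise ValueError(f"unsafe identifier: {ident!r}")
    deleted = []
    # SCAN instead of KEYS, so the walk does not block the server.
    for key in r.scan_iter(match=f"session:{user_id}:*"):
        if r.hget(key, "workspace_id") == workspace_id and r.delete(key):
            deleted.append(key)
    # Without this, the cached permission set would live out its 15-minute TTL.
    perm_key = f"permissions:{workspace_id}:{user_id}"
    if r.delete(perm_key):
        deleted.append(perm_key)
    return sorted(deleted)

class FakeRedis:
    """Constructed in-memory stand-in so the example runs offline."""
    def __init__(self, data):
        self.data = dict(data)
    def scan_iter(self, match):
        return [k for k in self.data if fnmatch.fnmatchcase(k, match)]
    def hget(self, key, field):
        return self.data[key].get(field)
    def delete(self, *keys):
        return sum(self.data.pop(k, None) is not None for k in keys)

def sample_store():
    """Constructed sample data following the key patterns on this page."""
    return FakeRedis({
        "session:u1:s1": {"workspace_id": "w1", "role": "admin"},
        "session:u1:s2": {"workspace_id": "w2", "role": "member"},
        "session:u2:s3": {"workspace_id": "w1", "role": "member"},
        "permissions:w1:u1": {"read", "write"},
        "permissions:w2:u1": {"read"},
    })

if __name__ == "__main__":
    print(remove_member(sample_store(), "w1", "u1"))
```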
Monitoring & Alerts
- Memory Usage: Alert at 80% capacity
- Eviction Rate: Alert if > 100/min
- Hit Rate: Alert if < 90%
- Replication Lag: Alert if > 5 seconds
Security
- TLS Encryption: All connections encrypted
- AUTH Required: Password authentication enabled
- No FLUSHALL: Command disabled in production
- Network Isolation: Private VPC subnet only