[sethammons]

One that is often not mentioned: cache errors. When systems face scaling issues, caching is often a first line tool. Imagine a bug gets deployed with an off by one error in your cache, or the cache serves the latest entry instead of the right entry.

If you add caching (esp. to your auth-chain), you need automated tests covering every access pattern. Concurrent access, cache timeouts, cache full, cache invalidation, etc.

[p410n3]

This has happenend to steam!

https://forums.overclockers.co.uk/threads/do-not-login-to-an...

[anayar]

But folks really cache auth related data? Isn’t that better handled purely through client <> server requests and handling caching for all UI or action based data?

[sethammons]

Not at scale. If our auth caching stops, our auth servers can get overloaded at peak times. Granted, horizontal scaling auth is a better first round choice, but caching gives you vertical scaling when you are hitting limits on your database. Another option is z-scaling, but that is really just a way to improve either of the previous two (have different pools of user databases).