[holtalanm]

then you're hitting the db on every request just to do auth.

if you _had_ to do that, I would put the counter into something like redis instead.

[inshadows]

Don't you need to hit the DB anyway to fetch authorization data like user role? Clearly you aren't going to store it in JWT or you face the issue with invalidation. But fine, cache it in Redis. Problem solved.

10 timeout to reply. o_O