by happyhappy 4706 days ago
I want to use this, but since the keys are immutable, how can I store data like sessions which can change and would sometimes have to be invalidated from the server side (i.e. you can't simply change the session ID in the cookie and use a new cache entry, because bad-guy could still be holding on to an old stolen session ID)?

In general, how can one learn to think in an immutable fashion to effectively exploit this?

4 comments

The simple solution is to always version everything. There's no such thing as an update, merely a new version of a thing.
So without any mutable storage, how do you verify that the version that the client requested is the latest version?
If the client has an old link, serve an old version. But have links to what will be future versions and make the client walk them. It is doable but different. Lots of stuff is static anyway, like CSS, so you can use it for this and have a different process for stuff that varies.
But as the grandparent said, serving the old version may result in a security vulnerability. There are cases where you MUST serve the latest version, and the latest version only.
Then don't use groupcache.
That much is obvious.
The general approach is to store initial values and then changesets to those objects.

For example git has loads of immutable data (every commit, tree and blob is immutable), and only very little mutable data (the refs) that point to some of those immutable objects.

You simply wouldn't use groupcache for session data; you'd use memcached.

As others said, groupcache isn't useful for session storage. memcache was used for a lot of things other than caching, because it was a very versatile hammer and a lot of things looked like nails. groupcache is for when your data's immutable and bandwidth used for the most popular keys might exhaust a single memcache server's pipe.
This isn't for sessions unless they're also backed up somewhere else. It's just for caching. You would need some other system where you look up which version of a session is current, then look up sessions in the cache by a unique version id.
That "other system" could and probably should be a database.
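
The split described in the last two comments (an authoritative lookup of the current session version, then a cache lookup by version id), sketched as an added example that is not part of the thread and does not use groupcache's API. Plain maps stand in for the database and the cache, and `Sessions`, `Put`, `Revoke` and `Get` are hypothetical names.

```go
package main

import "fmt"

var ErrRevoked = fmt.Errorf("session revoked or unknown")

// Sessions: a small mutable authority (a database in practice) plus an immutable cache.
type Sessions struct {
	current map[string]int    // mutable: session ID -> current version
	revoked map[string]bool   // mutable: IDs invalidated server-side
	db      map[string]string // durable payload of every version
	cache   map[string]string // stands in for groupcache: "sid@version", filled once
}

func NewSessions() *Sessions {
	return &Sessions{map[string]int{}, map[string]bool{}, map[string]string{}, map[string]string{}}
}

// Put adds a new version and moves the pointer; a revoked ID is never reused.
func (s *Sessions) Put(sid, payload string) error {
	if s.revoked[sid] {
		return ErrRevoked
	}
	s.current[sid]++
	s.db[fmt.Sprintf("%s@%d", sid, s.current[sid])] = payload
	return nil
}

func (s *Sessions) Revoke(sid string) { s.revoked[sid] = true } // server-side invalidation

// Get asks the authority first, so a revoked ID fails even if its data is still cached.
func (s *Sessions) Get(sid string) (string, error) {
	v, ok := s.current[sid]
	if !ok || s.revoked[sid] {
		return "", ErrRevoked
	}
	k := fmt.Sprintf("%s@%d", sid, v)
	if _, hit := s.cache[k]; !hit {
		s.cache[k] = s.db[k] // fill once; the entry is never overwritten
	}
	return s.cache[k], nil
}

func main() {
	s := NewSessions()
	s.Put("sid-constructed", "user=alice") // constructed sample session
	s.Revoke("sid-constructed")
	fmt.Println(s.Get("sid-constructed")) // revoked: the payload is not served
}
```

The stale entry stays in the cache after `Revoke`, but no request can reach it, because every read goes through the mutable pointer first.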