optimize SingleSession to avoid unneeded session fetches
Concerned version
Version: 2.0.11
Platform: (Nginx/Apache/Node.js)
Summary
- Configure SingleSession with a rule that depends on the user
- Login multiple session for a user that is NOT targeted by the rule
- Following behavior is observed:
- SingleSession gets all session IDs for this user (searchOn whatToTrace)
- SingleSession get each obtained session, and deserialized it
This is sub-optimal, if a user is allowed to have many sessions, SingleSession should not get those sessions from the database. This is causing issues in some load testing scenarios
Backends used
Reproduced with Browseable::Postgres, probably happens with all network session backends
Possible fixes
Do not retrieve sessions if the rule does not match the current user