Replies: 3 comments 6 replies
-
Have you benchmarked this? The UUID column type itself comes with some performance tradeoffs. That said, you don't need to use a text column, you could instead use a char type or even bytea type. It's also important to point out that Django uses a fixed length CharField for their session table pk. So this is likely not a performance bottleneck in many real world scenarios.
Note that a UUIDv4 actually offers us 122-bits of entropy; 6 bits are fixed. We currently represent session IDs as base64-encoded It should be possible to make the ID length configurable. If that's important to you, I'm happy to review PRs that would enable that. Alternatively we could introduce signing via a feature flag (this is likely a larger change and it introduces significant overhead to the request). If you have other ideas, please feel free to suggest potential ways of improving this. |
Beta Was this translation helpful? Give feedback.
-
Given the fact that the i128 ID can be converted to a UUID I think this change is somewhat backwards compatible. @Razican Does that work for you? |
Beta Was this translation helpful? Give feedback.
-
I'm running into this as well as I already have a (Firestore) database with existing sessions that I don't want to all suddenly get expired by upgrading. For the backwards compatibility, are you suggesting that the logic for that should be in the store rather than the use of this chart? It seems it would have to be since the trait is sending Since Firestore doesn't support i128 or UUID values, they need to be stored as strings regardless. I have the logic done for the FirestoreStore to use the string form of |
Beta Was this translation helpful? Give feedback.
-
Hello, I'm currently using tower-sessions 0.9 with UUIDs in a PostgreSQL database. I use a custom diesel backend, and my session store table looks like this:
Unfortunately, the new IDs in 0.10 seem to be i128 and not UUIDs, so I guess I would need to migrate from UUIDs. Seeing how the sqlx postgres backend has done this, it seems to use a
text
column as primary key:https://github.com/maxcountryman/tower-sessions-stores/blob/51cc75817cb98e875d8cf3975363f746857ad0b2/sqlx-store/src/postgres_store.rs#L110-L115
Is this what I have to do? Why would I want to change a very storage and performance v7 UUID for a non-checked, very slow
text
field? It seems that the performance would go down like crazy.I also saw that the new IDs reduce security from 128 bits to 66 bits in this process, barely above the 64-bit minimum recommended by OWASP.
Is there a better way to do this?
Beta Was this translation helpful? Give feedback.
All reactions