Locust @task(2) hammers /auth/login in steady state on top of the on_start burst. After caching the uuid-keyed user lookup and every other read endpoint, login alone accounted for 47% of total _execute at 500c/u — pure DB queueing on SELECT users WHERE username=?. 5s TTL, positive hits only (misses bypass so a freshly-created user can log in immediately). Password verify still runs against the cached hash, so security is unchanged — the only staleness window is: a changed password accepts the old password for up to 5s until invalidate_user_cache fires (it's called on every write).
8.5 KiB
8.5 KiB