You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
perf(auth,api): skip getSession when no session cookie is present
Better-auth's getSession was running on every request — including API-key,
public, MCP, and SDK traffic — and hitting Postgres even when no session
cookie was attached. Under pool contention this manifested as a hard 5s
wall: ~25% of /v1/query calls returned 500 "Failed to get session" at
duration_ms=5010, the rest of the slow tail also clustered there. The
/public/v1/flags/bulk endpoint showed the same pattern.
Add hasSessionCookie(headers) in @databuddy/auth that checks for the
better-auth session_token / session_data cookie names, and short-circuit
the four hot getSession call sites:
- packages/rpc/src/orpc.ts createRPCContext (covers all /rpc/*)
- apps/api/src/routes/query.ts (/v1/query)
- apps/api/src/middleware/website-auth.ts (/public/v1/flags/bulk and
other website-scoped routes)
- apps/api/src/lib/auth-wide-event.ts (per-request auth wide event)
0 commit comments