Cache separation between authenticated users
Unanswered
West African Crocodile posted this in #help-forum
West African CrocodileOP
I'm working with Next.js App Router and have a question about how caching works with multiple authenticated users.
Here's my setup:
async function fetchUserData() {
  const res = await fetch('https://api.example.com/user-data', {
    next: {
      revalidate: 60,
      tags: ['user-data'] // Same tag for all users
    },
    headers: {
      'Authorization': `Bearer ${userToken}` // Different for each user
    }
  });
  return res.json();
}
I have around 50 users in my application. Each user has their own profile page where I call fetchUserData() to get their personal data.
I have a few questions about how Next.js handles caching in this scenario:
Cache separation: How does Next.js distinguish between different users' data in the cache? If User A and User B both access their profile pages (hitting the same endpoint but with different auth tokens) while the cache is still valid, how does Next.js ensure they each get their own data?
Cache keys: Does Next.js automatically include the Authorization header as part of the cache key? If so, does this mean I don't need to worry about data leakage between users?
Tag-based revalidation: With the setup above where all users share the same tag ('user-data'), if I call revalidateTag('user-data') when a single user updates their profile, will it revalidate the cache for all 50 users or just for that specific user?
Best practices: Should I be using user-specific tags like user-${userId} instead of a shared tag? What's the recommended approach for handling per-user cache invalidation?
I want to ensure I'm implementing this correctly to maintain data privacy while also optimizing performance.
3 Replies
Yes, do not use the same tag for all users if you want to revalidate only specific users after any kind of mutation.
About the cacheKeys question, no. If you don’t provide the key explicitly Next.js won’t infer it and won’t add it to the cacheKeys.
Basically when you do a “getDataById” you provide the userId as a parameter to explicitly specify which user you wanna fetch data for. In a REST api, user should be under /user-data/${userId} since each user represents a different resource. You are free to send the auth token as well for authorization concerns, and maybe check the userId against the auth token and fail if they don’t match.
When you do this, then you can pass the id as part of the key array, and revalidate specific users by calling revalidateTag(theUserId).
Alternatively you can use unstable_cache (which is very stable despite the name) to achieve the same thing, it lets you have more control over the caching behavior and revalidation strategies.
@West African Crocodile any updates?
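An added illustration for this thread, not code from any poster and not Next.js internals: a toy in-memory tag-aware cache showing why the cache key has to carry the user's identity, and how a shared 'user-data' tag versus a user-${userId} tag changes what a revalidateTag call evicts. TaggedCache, upstream, getProfileShared and getProfileScoped are hypothetical names, and the user ids are constructed sample values.

```javascript
// Toy tag-aware cache (constructed model, NOT how Next.js stores entries).
class TaggedCache {
  constructor() {
    this.entries = new Map(); // key -> { value, tags }
  }
  // Return the cached value for `key`, or run `loader` and store it under `tags`.
  get(key, tags, loader) {
    if (!this.entries.has(key)) {
      this.entries.set(key, { value: loader(), tags });
    }
    return this.entries.get(key).value;
  }
  // Evict every entry carrying `tag`; returns how many entries were evicted.
  revalidateTag(tag) {
    let evicted = 0;
    for (const [key, entry] of this.entries) {
      if (entry.tags.includes(tag)) {
        this.entries.delete(key);
        evicted++;
      }
    }
    return evicted;
  }
}

// Stand-in for the upstream API: the response depends on who is asking.
const upstream = (userId) => () => ({ owner: userId });

// Unsafe: the key names only the endpoint, so the first caller's data is served to everyone.
const getProfileShared = (cache, userId) =>
  cache.get('user-data', ['user-data'], upstream(userId));

// Safe: identity is part of the key, and each entry also carries a per-user tag.
const getProfileScoped = (cache, userId) =>
  cache.get(`user-data:${userId}`, ['user-data', `user-${userId}`], upstream(userId));

function demo() {
  const shared = new TaggedCache();
  getProfileShared(shared, 'alice');
  const leaked = getProfileShared(shared, 'bob'); // served alice's cached entry

  const scoped = new TaggedCache();
  for (const id of ['alice', 'bob', 'carol']) getProfileScoped(scoped, id);
  const bob = getProfileScoped(scoped, 'bob');
  const evictedOne = scoped.revalidateTag('user-alice'); // only alice's entry
  const evictedAll = scoped.revalidateTag('user-data');  // every remaining user
  return { leakedOwner: leaked.owner, bobOwner: bob.owner, evictedOne, evictedAll };
}
```

In a real app the userId used for the key and tag should be derived from the verified session on the server, not taken from a client-supplied parameter.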