Hi all, I'm trying to understand whether I can use authn from Ory Cloud for SSR websites (Next.js with Vercel and so on). Ory Cloud adds a session cookie that is opaque for me and my app, including that which renders the frontend. However, I can resolve it with a

.ToSession()

network call. So far so good. The problem that I see is that that call takes some amount of time, currently 500ms. Even if it's improved to 0ms + latency, it's still a network call that chips away from one of the most important metrics for a web app. • Is there a way to improve this solution with what I got in Ory Cloud? • How is this issue usually solved? Would it be solved if the cookie was a JWT that could be validated without a network request instead of an opaque string generated for me by Ory Cloud?

Heya Ilya, for what it's worth, I'm using Ory Cloud from a golang SSR backend, and am very happy with it. Here's my session resolution middleware if that can help. Some tidbits: • the latency measured from my server in Germany is lower than your number. p50 has been a steady 150ms for months, and p95 is ~300-350ms • because most of the traffic on my site is unauthenticated, I only run a call when I detect a cookie starting with

ory_session_

, anonymous sessions are not impacted • to speed up page changes, I keep sessions cached for 15 minutes. How long the cache can be depends on how fast you want to be able to respond to session termination. For a high-volume commercial project, I'd investigate shortening that cache duration and refreshing the cache in the background before expiration, but my small weekend-project is not there, so users get a 150ms "penalty" every 15 minutes. Kratos' design is different from the OAuth & JWT ecosystem on purpose, and I personally find it simpler and more robust. It does come with its own learning curve and a set of limitations of course.

Thanks for the great question @gifted-angle-64519 and for sharing these insights @purple-tailor-16179! We're working to bring down latency, and specifically for session checks, in Ory Cloud! Key ingredients will be Ory-managed edge caching and serving from more regions and datacenters. Stay tuned!

thanks @purple-tailor-16179 and @fast-lunch-54279