Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello,
We need to check cookies for every request in our express backend, for every request we need to send request for /session/whoami endpoint which adds delay. Is there any alternate way to check cookies

Hello Akash, if your use case requires the ability to invalidate user sessions (e.g. logout), there is no way to authenticate a request without talking to an authentication server. What is the latency? If it is significant, you may be able to optimize it with adjustments to your deployment or system design

We are testing in local server, concerned when deployed in production.

This latency shouldn't be significant if kratos is in the same deployment (&lt;1ms). There is no way around checking the session if the request requires an authenticated user. What kind of latency have you been experiencing?

We are deploying Kratos in separate instance

Then latency shouldn't be a problem :slightly_smiling_face:

I believe it does, but I could be wrong. I would need to look through this part of the code base to verify

Thank you Alano, another way is to cache the cookie call for a bit. You might do that in your middleware or use something like Ory Oathkeeper :)