[1.x] perf: eliminate redundant DB writes in auth middleware and cache notification counts#4365
Conversation
imorland
added a commit
that referenced
this pull request
Feb 21, 2026
Ports the performance improvements from #4365 (1.x) to 2.x, adapting where the API has changed. **AccessToken::touch()** - Only update last_ip_address / last_user_agent when the values have actually changed, avoiding unnecessary dirty-marking - Only call save() when the model is dirty, eliminating a DB write on every token touch when activity was throttled **AuthenticateWithHeader / AuthenticateWithSession** - Guard $actor->save() with isDirty() after updateLastSeen() - updateLastSeen() is throttled to 180 seconds; on requests within that window the actor was already being saved unconditionally **User notification count caching** - Cache getUnreadNotificationCount() and getNewNotificationCount() for 5 minutes with active invalidation on all write paths - The TTL is a safety net; the cache is eagerly invalidated whenever notifications are created, read, or the user views notifications **Cache invalidation write paths** - Notification::notify() — invalidates both count keys for all recipients - ReadNotificationHandler — invalidates both count keys - ReadAllNotificationsHandler — invalidates both count keys - NotificationResource (Index endpoint) — invalidates new_notification_count after markNotificationsAsRead() updates read_notifications_at **ApplicationInfoProvider::identifyDatabaseVersion()** - Cache the DB version query for 24 hours; $cache is already injected Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
imorland
added a commit
that referenced
this pull request
Feb 21, 2026
Ports the performance improvements from #4365 (1.x) to 2.x, adapting where the API has changed. **AccessToken::touch()** - Only update last_ip_address / last_user_agent when the values have actually changed, avoiding unnecessary dirty-marking - Only call save() when the model is dirty, eliminating a DB write on every token touch when activity was throttled **AuthenticateWithHeader / AuthenticateWithSession** - Guard $actor->save() with isDirty() after updateLastSeen() - updateLastSeen() is throttled to 180 seconds; on requests within that window the actor was already being saved unconditionally **User notification count caching** - Cache getUnreadNotificationCount() and getNewNotificationCount() for 5 minutes with active invalidation on all write paths - The TTL is a safety net; the cache is eagerly invalidated whenever notifications are created, read, or the user views notifications **Cache invalidation write paths** - Notification::notify() — invalidates both count keys for all recipients - ReadNotificationHandler — invalidates both count keys - ReadAllNotificationsHandler — invalidates both count keys - NotificationResource (Index endpoint) — invalidates new_notification_count after markNotificationsAsRead() updates read_notifications_at **ApplicationInfoProvider::identifyDatabaseVersion()** - Cache the DB version query for 24 hours; $cache is already injected Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
imorland
added a commit
that referenced
this pull request
Feb 26, 2026
…ession of #4365) #4365 added caching to getUnreadNotificationCount() and getNewNotificationCount() and correctly invalidated the cache in ReadAllNotificationsHandler and ReadNotificationHandler. DeleteAllNotificationsHandler was missed, so deleting all notifications left the stale count in the cache for up to 5 minutes — causing the notification badge to reappear after deletion until the cache naturally expired. Fix: call resolve('cache.store')->forget() on both count keys after deletion, matching the pattern already used in ReadAllNotificationsHandler. Also adds a regression test that primes the cache with a stale count, calls DELETE /notifications, and asserts both cache keys are cleared. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
imorland
added a commit
that referenced
this pull request
Feb 26, 2026
…ession of #4365) (#4391) #4365 added caching to getUnreadNotificationCount() and getNewNotificationCount() and correctly invalidated the cache in ReadAllNotificationsHandler and ReadNotificationHandler. DeleteAllNotificationsHandler was missed, so deleting all notifications left the stale count in the cache for up to 5 minutes — causing the notification badge to reappear after deletion until the cache naturally expired. Fix: call resolve('cache.store')->forget() on both count keys after deletion, matching the pattern already used in ReadAllNotificationsHandler. Also adds a regression test that primes the cache with a stale count, calls DELETE /notifications, and asserts both cache keys are cleared. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
AccessToken::touch()Only update
last_ip_address/last_user_agentwhen the values have actually changed, and only callsave()when the model is dirty. On high-traffic sites this eliminates a DB write on every token touch whenlast_activity_athas not yet elapsed the update threshold.AuthenticateWithHeader/AuthenticateWithSessionGuard
$actor->save()withisDirty()afterupdateLastSeen(). SinceupdateLastSeen()is throttled to 180 seconds, requests within that window were previously triggering an unconditional DB write even when nothing changed.Notification count caching
Cache
getUnreadNotificationCount()andgetNewNotificationCount()for 5 minutes with active invalidation on all write paths. The TTL is a safety net; the cache is eagerly invalidated whenever:Notification::notify()creates new notifications for recipientsReadNotificationHandlermarks a notification readReadAllNotificationsHandlermarks all notifications readListNotificationsControllerupdatesread_notifications_atviamarkNotificationsAsRead()ApplicationInfoProvider::identifyDatabaseVersion()Cache the DB version query for 24 hours.
$this->cache(CacheRepository) is already injected into the class.The 2.x port of this PR is #4380.