Caching Strategy
Related docs:
Hosting Infrastructure·Design
1. Redis Deployment
Redis runs as a system service on the same EC2 instance as the Express API, accessible only within the VPC (port 6379 blocked at security group level for external traffic).
Connection string:
REDIS_URL=<REDIS_URL>
The production Redis instance is tuned for high performance and low latency. Key configurations include memory limits using the allkeys-lru eviction policy, persistence settings optimized for ephemeral data, and secure access restricted to the internal VPC.
2. Use Cases and Policies
2.1 User Sessions
Sessions are stored in Redis using a JWT reference map. They are set to a 7-day rolling expiry and are invalidated immediately upon logout.
2.2 Cart Data
Cart contents are persisted for both guest and authenticated users for up to 30 days. Guest carts are automatically merged upon login.
2.3 Rate Limiting
A sliding-window rate limiter protects the API from abuse. General endpoints are limited to 1,000 requests per 15 minutes, while sensitive payment endpoints have stricter thresholds.
2.4 Temporary Payment Status Cache
To reduce database load during active checkout polling, payment statuses are cached briefly (60 seconds) after each gateway update.
2.5 Product Listing Cache
Frequently accessed product lists are cached for 5 minutes. The cache is automatically cleared whenever a product is created, updated, or deleted.
3. Summary of Policies
| Data Type | Primary Objective | Default TTL |
|---|---|---|
| User Sessions | Session persistence | 7 days |
| Shopping Carts | Cart persistence | 30 days |
| Rate Limiting | DDoS / Brute-force protection | 15 min |
| Payment Status | DB load reduction | 60 sec |
| Product Listings | API performance | 5 min |
4. Cache Invalidation Events
- User Logout: Specific session data is removed.
- Order Placement: The user's active cart is cleared.
- Inventory Changes: Product listing caches are cleared globally.
- Payment Updates: The temporary status cache is updated by the webhook handler.
5. Observability
All Redis operations are traced via Middleware.io OpenTelemetry instrumentation. Cache hit/miss ratios are visible in the Middleware.io dashboard under the redis span group. Alert thresholds:
- Cache memory > 80% → alert (risk of eviction)
- Redis connection errors > 5/min → critical alert