Storing user data in session store or retrieving from database in each request in ASP.NET Core?

Question

I am migrating the my old ASP.NET Web Forms project to ASP.NET Core Web API with an Angular frontend. in my older application storing user information instance and its values (like assigned groups, permissions, and other user information). I am going to use JWT, but I can't store all information in JWT, so should I continue utilizing sessions in my ASP.NET Core application or retrieve this information from the database in each request?

Is there any other Best practices are available in modern application development?

Answer 1

Multiple options for this, depending on what you need:

1. Angular cache. If the data is not sensitive, you can use the rxjs observables to cache some data on the application side. Nothing wrong with some data stored on the browser. Since you are coming from a full postback application, the SPA caching is most times equivalent to old Session object.
2. Depending on the implementation you might need some cache on the server side too. Since as mentioned you'll have multiple servers, I'd suggest only caching lookups and such, not user related data. If you implement stickyness with servers and sessions (not recommended), this is still an option.
3. Distributed cache. You might have heard of Redis and such? This is also an option to store cache data to a third service, accessible by all server instances.

It all comes down to complexity vs speed. If the queries are simple enough and lightning fast, then it might be useless to store them in any cache anyway.