How to Efficiently Manage User Lockout: Redis Cache vs Database Storage
This article examines the design choices for handling a member's lockout state after multiple failed logins, comparing Redis cache storage with a database field, and proposes a refactoring plan that balances performance, consistency, and operational complexity.
Project Background
The member center has 10 million registered users and is being refactored using Java, Oracle, and Redis for caching.
Use Case
When a member fails to log in more than three times, the account must be locked; deciding where to store and how to clean up this lock state is a key problem.
Login Flow (Simplified)
Precondition: user has an account and opens the login page.
Front‑end: member enters username and password.
Back‑end: verify credentials; on failure increment error count.
After three failed attempts, back‑end updates the member status to locked.
Post‑condition: subsequent logins or business requests show the locked status.
Domain Analysis
The lock state is temporary and cleared after 24 hours.
It affects business scenarios that need to check member status.
Solution Analysis
1) Store in Redis cache
Pros: avoids database access, improves performance, leverages Redis eviction.
Cons: strong dependency on cache (lock lost if cache fails), increased system and code complexity, multiple subsystems must read the cache.
2) Store in a database field
Pros: high data consistency, simpler code, no need for each interface to query the cache.
Cons: slight performance impact, requires a scheduled task to clear expired locks.
Refactoring Plan
Conclusion: Although cache‑based storage suits architectures with full member caching, our project does not use such an architecture, leading to coupling and double‑checking. Therefore we adopt the database approach.
Changes:
Add a status column for login lock in the member table.
Update the DB record to locked after exceeding login attempts.
Introduce a scheduled job to clear expired lock states.
Future Optimizations
Create a lock‑log table to record locked member IDs, reducing full scans.
Cache all member data and store lock state temporarily in Redis.
Design Insights
Architecture decisions must align with business volume, use cases, non‑functional requirements, and team capacity. The optimal solution is the one that fits the current context, offering foresight without over‑engineering, suitable for fast‑iteration, MVP‑style development.
We welcome discussion and suggestions.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
ITFLY8 Architecture Home
ITFLY8 Architecture Home - focused on architecture knowledge sharing and exchange, covering project management and product design. Includes large-scale distributed website architecture (high performance, high availability, caching, message queues...), design patterns, architecture patterns, big data, project management (SCRUM, PMP, Prince2), product design, and more.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.