Blog
Memcached for session caching: stateless APIs, CORS, and why key design matters for browsers
Memcached does not speak HTTP CORS; your API layer must still emit headers even when sessions are externalized.
1 min read
memcachedcachecors
SASL auth
Protect Memcached with SASL on internal networks; never expose unauthenticated instances to the public internet.
Separate pools for session versus fragment caches to isolate blast radius.
Eviction policies
LRU drops can log users out abruptly—surface friendly client messages distinct from CORS errors.
Warm caches after deploys to avoid thundering herds on your auth service.