Anybody able to share specific reasons Magento recommends against using the customer session to authenticate GraphQL requests?

My general understanding is the reason is “speed”, but I’m wondering if that recommendation changes if you’re using Redis to store session data vs file system, etc.

Despite the recommendation, I’m currently trying to choose the lesser of multiple evils and I’d like to be convinced the session’s impact on GraphQL performance is such that it really is a non-option.

For context, it all goes back to keeping the Magento PHP session in “sync” with a headless GraphQL “session.” I’d like to keep the source of truth in the Magento session and do any error correction in terms of differences in state on the headless side, but that requires me making some requests to the GraphQL API with the PHP session.

Thanks for your thoughts!

submitted by /u/kevysaysbenice