Is Cache multi-user aware?

[SharkBaitDLS]

I'm considering using Serenity as a client layer backing some web APIs to avoid needing to implement my own HTTP client/caching/websocket updates for the Discord API.

However, since it's backing a user-facing website, it needs to make calls using a given authenticated users' bearer token, not just the bot token.

I'm roughly considering using a single Cache instance while creating a new HTTP client for each API call, and then creating and using a CacheAndHttp instance combining the two that gets passed in to the relevant Serenity APIs at invocation time. Does the cache ensure that permissions are still enforced or does this approach risk a user getting data out of the cache that they would not actually have permissions to if the underlying HTTP call was made?

If this doesn't work I can create a cache per user session which to my understanding will still avoid rate limits to Discord since each user session is using a unique token, but will potentially incur unnecessary traffic for requests that would have returned the same object and increase the memory footprint of the application with duplicated cache data.

[kangalio]

The cache is only designed for a single bot account. You can see this easily in its private fields

By the way, for such specialized purposes, the twilight libraries may be a better fit for you. Serenity is a batteries-included library for making bots, and Twilight is more of a toolbox to interact with Discord in general.