Hi all, tl;dr: randomIV is now much faster, API is the same, upgrade ASAP to avoid painful slowdowns. Version 0.7 of clientsession brought with it a much enhanced encryption and hashing algorithm, courtesy of Felipe Lessa. Beginning with this version, you now need to provide an Initialization Vector (IV) for encrypting cookies, and these IVs need to be randomly generated. To start off with, we simply used the getIVIO[1] function to generate these values. Recently, some Yesod users reported that version 0.9 of Yesod no longer lived up to previous benchmarks. After some research, I determined that the slowdown came from the call to randomIV in clientsession. The initial fix was simply to disable this call when it wasn't used, but it was still a significant slowdown for most users of Yesod. Over the past few days, Felipe and I put together a significantly more efficient version of randomIV. getIVIO simply opens up /dev/urandom on each request, which involves I/O. As a result, the average run time of the function in our testing was 1.686ms. Instead, our new code initializes with a call to /dev/urandom for the base randomness. It then uses AES encryption to work as a cryptographic random number generator for generating successive IVs. Additionally, every 1000 calls (we'll probably change that number over time), it spawns a new thread to reseed the generator from /dev/urandom again. The result is a function that takes 7.144764 us, aka 236 times faster. Thanks for the initial reporters who commented on the slowdown in Yesod. If you install the newest clientsession and rerun the benchmarks, you should see *significantly* better results. Michael [1] http://hackage.haskell.org/packages/archive/crypto-api/0.8/doc/html/Crypto-M...