Design the session store behind a large web product. Every authenticated page load validates a session token; logins create sessions and activity slides their expiry forward.
What makes this one different is the consistency contract. A logout or a permission downgrade must be visible on the very next read — serving even one second of stale session is an account-security bug, not a performance quirk. That single clause disqualifies every expiry-based cache you have ever deployed: there is no TTL short enough. If you want a cache in this design (and at this read volume you do), it has to be one that is written to on every mutation, not one that ages out.
The write side is quieter but honest: logins and refreshes are a few thousand per second at peak, every one of them must survive a crash, and the store's per-shard write ceiling — not its disk — decides your shard count.