Tsung Load Testing Phoenix App

I have an elixir/Phoenix app which I am currently load/stress testing before releasing into the wild.

Currently using Tsung as my test tool.
When running test on my local machine (distillery release in PROD mode) the transaction times seem to increase with every user login.
I have run similar tests on the production environment and it seems to follow the same pattern.
See graph below.

tr_deposit is a POST request. this is fine and always under 1 second.
I’ts the logins and page requests that worry me. Is this normal?
even when i change the comeonin bcrypt_log_rounds to 4 it follows a similar curve, although slightly faster.
Note: This is on a phoenix browser pipeline but with CSRF disabled. With CSRF Tsung does not seem to be able to accurately post and I end up getting lots of 403’s.

How is this explained?

What would be a realistic expectation of transactions times when you have 10 users a second logging in?
I thought that these sort of numbers would be easy to manage in Phoenix?

Can you provide what the function that you are benchmarking actually does and your tsung config?

For note, Comeonin is specifically designed to be slow to hash the password, that is part of its security, so it will limit the number of simultaneous logins. The general idea is that logging in is fairly rare and using the site once logged in is common. Otherwise I would delegate to an OIDC server for login or so instead.

Thus logging in ‘should’ be slow, it’s to prevent people rapidly checking passwords (even if your database gets leaked!). Page likely shouldn’t be slow but without seeing what it does then can’t say.

But overall, if you don’t want the cryptographic CPU cost of a bcrypt or argon security style then I’d really say handle logging in via another OIDC server or so.