Every user.login operation (for portal login, basic auth or dav) calls refreshUser() to sync the user's realms with an "external" group provider (which could be a CM implementation).
Such implementations may be slow and expensive (i.e. involve a lot of db queries or slow to run), and it's thus not desireable to do this too often. Specifically in the case of WebDAV, currently every dav operation generates a new login, but the same would be true for users who login repeatedly through the UI or webservice, basic auth or other methods.
To reduce performance impact, implement a cache with a short default TTL (e.g. 1 minute) so that refreshUser is only called for each user once within the cache TTL seconds.
Develop from the "in-progress" patch submitted by Matthew Buckett for