Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Manage sessions in multiple server environment

Suppose I have more than one web application servers running and I am logging in a User from Server1 thus his session starts.As http is stateless, suppose if the next request goes to Server3 than the Sever1 which was used to login to the application,if I use cookies, hidden form , its not going to work in Server2.

So how do I manage the session ?, maybe by generating an ID (or even reusing the jsessioid generated ) and storing it in a central database,so that all servers can access this session ID and validate it before processing the request.Then in that case, I need to develop a mechanism to store all the session data as object to the database.

Is there any other built in mechanisms available ?

like image 572
Tito Avatar asked Oct 15 '12 08:10

Tito


People also ask

How to create multiple sessions for a single user?

How to create multiple sessions? 1) Use multiple browsers. 2) Modify the conf file to create localhost1 and locaohost2. 3) Store user information in the front-end HTTP Session with the user ID (unique) as the key, so that each time does not overwrite the last content. The user ID can be transmitted in the front end through URL parameter parsing.

How should we handle the user session information in microservices?

How should we handle the user session information — Suppose you have multiple micro-services dockerized and deployed. The application generates a JWT token after the user logs into the application and web UI (or mobile app for that matter) code keeps this token in local storage to be passed along the subsequent HTTP requests.

How do I use session management on a load-balanced site?

To use ASP session management on a load-balanced site, you must ensure that all requests within a user session are directed to the same Web server. One way to do this is to write a Session_OnStart Event procedure that uses the Response object to redirect the browser to the specific Web server on which the user's session is running.

Where is session information stored in ASP?

ASP session information is stored on the Web server. A browser must request pages from the same Web server for scripts to access session information. On cluster of Web servers (where many Web servers share the responsibility for responding to user requests) user requests will not always be routed to the same server.


2 Answers

If you are deploying application on more than one server, you should use "Clustering". Application servers are able to handle this scenario using "session replication". With session replication, each server will have a copy of the active users session. IF the first request goes to server A and second request goes to server B, it will be transparent to application code and end user.

For clustering/session replication in Tomcat, you can have a look at this link.

like image 182
Manish Avatar answered Oct 07 '22 18:10

Manish


Spring provides the session management:

Spring Session makes it trivial to support clustered sessions without being tied to an application container specific solution. It also provides transparent integration with:

HttpSession - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way, with support for providing session IDs in headers to work with RESTful APIs

WebSocket - provides the ability to keep the HttpSession alive when receiving WebSocket messages

WebSession - allows replacing the Spring WebFlux’s WebSession in an application container neutral way Source: Spring docs.

Please check this for further information: https://spring.io/projects/spring-session#overview

like image 43
smali Avatar answered Oct 07 '22 18:10

smali