Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Session Management in microservices

Tags:

java

cookies

session

microservices

weblogic

We have the following setup.

  1. STM (Stingrey Traffic Manager) does load balancing + session stickiness
  2. Weblogic 'cluster'
  3. Auth handled by a third party tool

Therefore I do not have to worry about session with regards to horizontal scaling/ running multiple instances of the application. STM/ Weblogic cluster makes sure that the subsequent request come to same managed server.

What we currently have is a monolithic application and we are trying to move to microservices. Also we do not wan't to move out of current infrastructure (i.e. STM/ Weblogic cluster/ Auth tool). What we have planned is:

  1. A Gateway WAR which routes requests to other microservices
  2. N x Microservices (WAR) for each functional sub-domain
  3. Only the API Gateway receives user requests and other microservices are not accessible from outside

So my question is

  1. Should API Gateway be state-full while other microsevices are stateless?
  2. If so, how should the user session data be shared between API Gateway and microservices?

Please suggest any better alternatives and resources/links as well. Thanks.

like image 677
Fahim Farook Avatar asked Sep 23 '15 13:09

Fahim Farook

People also ask

What is API session management?

The runtime session management API lets OAuth clients get information about user sessions, extend sessions, and revoke sessions. Knowing the remaining lifetime of a valid session could, for example, let an application prompt the user to extend the session. An OAuth client can take the pi.

How do you handle authentication in microservices?

To perform authentication based on entity context, you must receive information about the end-user and propagate it to downstream microservices. A simple way to achieve this is to take an Access Token received at the edge and transfer it to individual microservices.

How do you manage distributed transactions in microservices?

One of the important participants in a distributed transaction is the transaction coordinator. The distributed transaction consists of two steps: Prepare phase — during this phase, all participants of the transaction prepare for commit and notify the coordinator that they are ready to complete the transaction.

1 Answers

Let me share my opinion.

First of all, if you can keep your application stateless, by all means do so :) It will be the best solution in terms of both performance and scalability.

Now, if its impossible, then you should maintain some distributed session management layer.

The gateway responsible for authentication could generate some unique session identifier which could later be used as a key. This key could be propagated to all the microservices and be a part of the API or something.

In order to access the session, the microservice could 'get' value by key and work with it.

In terms of implementation: I would take a look on NoSQL solutions. Some of them that can suit your need are:

  1. Redis. Take a look on ''hset'' there
  2. Hazelcast. Its more a in-memory grid but if the solution is java only, you can also implement the required functionality
  3. Memcache.d. It will give you an old good map, just distributed :)

There are also other solutions I believe.

Now, the performance is crucial here, otherwise the whole solution will be just too slow. So In my understanding, using an RDBMS would be not be good here, moreover potentially it would be harder to scale it out.

Hope this helps

like image 101
Mark Bramnik Avatar answered Sep 21 '22 22:09

Mark Bramnik
Sign in to Comment

Related questions

How to get POST parameter in JAX-RS method?
The type org.eclipse.jdt.annotation.NonNull cannot be resolved. It is indirectly referenced from required .class files
How can node.js be faster than c and java? Benchmark comparing node.js, c, java and python
Java 8 Applying stream filter based on a condition
If/else representation with stream and Java 8
Why shouldn't you extend JFrame and other components? [duplicate]
How can I test final and static methods of a utility project?
How do I check if a Socket is currently connected in Java? [duplicate]
Hidden features of Spring framework? [closed]
connecting to shared folder in windows with java
What happens when I throw a C++ exception from a native Java method?
JSON GSON.fromJson Java Objects
Classic error: Unable to update index for central|http://repo1.maven.org/maven2
What is the Java equivalent of Objective-C's NSDictionary?
Catching Java errors
Java array length less than 0?
Spring 3.2 Autowire generic types
Where to put logback.xml in Tomcat?
final characters in Java [duplicate]
Eclipse parameter dialog/hint when using functions in code

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!