Menu
I want to share sessions among 2 applications on different nodes; however, I am confused what the difference is between Cookie and Redis session stores; e.g. a cookie session might look like this:
rack.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiJFN2YxZDMxMGE5YTNhZjc2NGM1NDBk%0AMzdiODQ0MjcyMzk5MzAxY2YyYzdhNDMwOWVkMzhiNWVlMmY2N2QwYzExNg%3D%3D%0A--ec4ec7b5a807c806e02e2811f4a11d05877a7698
In Redis, a session-store, might look like this:
rack:session:eb23c0a055e9e6de3b8ad51efd9g6260d647b2e61326e35f5ff59cd490bfb405"
However, I am confused how these sessions can be shared. Whereas in a cookie approach, a request carries the state of the session, I can't see how the session in Redis actually matches to state among 2 applications. Any advice how to use Redis / share session state among 2 rack apps?
711
For most cases, we use the local Storage object if we want some data to be on the browser. If we want it on the server, then we use cookies, and the session storage is used when we want to destroy the data whenever that specific tab gets closed or the season is closed by the user.
The Redis session cache is most commonly used in a scenario where client requests are directed by a load balancing mechanism to two or more replicated WebSEAL servers. The Redis Session Cache. Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.
The session cookie is a server-specific cookie that cannot be passed to any machine other than the one that generated the cookie. The server creates a “session ID” which is a randomly generated number that temporarily stores the session cookie.
Session is safer for storing user data because it can not be modified by the end-user and can only be set on the server-side. Cookies on the other hand can be hijacked because they are just stored on the browser.
The Redis session store still uses a cookie to track the session id client side. The difference is where the actual data that you stick in the session is stored. With the cookie store, it's stuffed into the cookie and sent back and forth with each request. With the redis-store, only the session id is passed in the cookie and the actual session data is retrieved from Redis using the session id in the cookie. Here's a great description of the various trade-offs with different session stores.
Sharing sessions might be made to work with both Cookie and and Redis session stores. Check out these two questions for details:
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
