Session consistency solution
What is a session?
The server creates a session for each user, storing information about the user so that multiple requests can be located in the same context. This related information is the session. Thus, when the user jumps between the application’s web pages, the variables stored in the session object will not be lost, but will persist throughout the user session.
The session supplements the stateless HTTP protocol, achieving the purpose of maintaining state.
What is the session consistency issue?
Assume that the session containing the user's login information is recorded on the first server. If the reverse proxy routes a later request to another server, that information may not be found there, and the user needs to log in again.
1. Client saves cookies
- The server does not need to store session data
- Every HTTP request carries the session, consuming network bandwidth
- The data is stored on the client and transmitted over the network. There are security risks such as leakage and tampering.
- The size of the data stored in the session is limited by the cookie.
As the technology continues to evolve, client-side cookie storage has grown richer: the cookie can store a sessionId or a JWT. They have different advantages and disadvantages; see the author's other blog post for an introduction.
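The tampering risk listed above for client-stored session data is normally handled by authenticating the cookie value on the server. The following is an added example, not code from the original post; `SECRET_KEY`, `MAX_COOKIE_BYTES`, `encode_session` and `decode_session` are hypothetical names, and the 4096-byte limit is an assumed typical browser limit.

```python
import base64
import hashlib
import hmac
import json

# Assumption: one server-side secret shared by every backend behind the proxy.
SECRET_KEY = b"constructed-demo-key-change-me"
MAX_COOKIE_BYTES = 4096  # assumed typical per-cookie limit in browsers


def b64encode_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64decode_nopad(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_session(session: dict) -> str:
    """Serialize the session and append an HMAC-SHA256 tag over the payload."""
    raw = json.dumps(session, sort_keys=True, separators=(",", ":")).encode()
    payload = b64encode_nopad(raw)
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    cookie = f"{payload}.{b64encode_nopad(tag)}"
    if len(cookie) > MAX_COOKIE_BYTES:
        raise ValueError("session too large to store in a cookie")
    return cookie


def decode_session(cookie: str):
    """Return the session dict, or None if the cookie is malformed or altered."""
    try:
        payload, tag = cookie.split(".")
        expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(b64decode_nopad(tag), expected):
            return None
        return json.loads(b64decode_nopad(payload))
    except (ValueError, TypeError):
        return None
```

The tag only detects modification: the payload is still readable by anyone who holds the cookie, so the leakage risk remains and sensitive values should stay out of the session or be encrypted.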
2. Session replication
Multiple servers synchronize sessions with each other, so that each server contains all sessions.
- Only configuration needs to be set; the application code does not need to be modified
- Session synchronization requires data transmission, which consumes intranet bandwidth and introduces delay
- All servers contain all session data, so the amount of data is limited by the server with the least memory, and horizontal scalability is poor
3. Centralized session storage
Store the session in a centralized cache on the server backend.
- No security risks from client-side storage: session data stays on the server
- Can scale horizontally; supports cache clustering or horizontal expansion
- Adds a network call
- Requires modifying the application code
4. Sticky sessions
How can the reverse proxy layer guarantee that requests from the same user always land on the same server?
- Method 1: Layer 4 proxy hash. The reverse proxy layer hashes the user's IP address to ensure that requests from the same IP land on the same server (more recommended, because it keeps service-layer logic out of the transport layer)
- Method 2: Layer 7 proxy hash. The reverse proxy hashes a service attribute carried in the HTTP protocol, such as sid, city_id, or user_id. This allows more flexible hash policies that ensure requests from the same browser user land on the same server.
- Only the nginx configuration needs to change; the application code does not need to be modified
- Supports horizontal expansion of the servers
- When the servers are expanded horizontally, sessions are redistributed after the rehash, and some users will not be routed to the server that holds their session.
- Even if the hash is evenly distributed, there is no guarantee that the load of the server will be even.