Stateless is the way to go for services running in pods however i have been trying to move a stateful app which needs to perform session persistence if one pod goes does for resiliency reasons.
In websphere world IHS can be used to keep track of the session and if a node goes down it can be recreated on the live clone.
Is there an industry standard way to handle this issue without having to refactor the applications code by persisting the session using some sidecar pod ?
Cookie-based sessions are just that, based on cookies. Which are stored by the user's browser, not your app. If you mean a DB-based session with a cookie session ID or similar, then you would need to store things in some kind of central database. I would recommend using an actual database like postgres, but I suppose there is nothing stopping you from using a shared volume :)
Yes. Store the session somewhere. Spring boot supports out of the box MongoDB, Redis, Hazelcast or any JDBC database.
Spring Boot provides Spring Session auto-configuration for a wide
range of data stores. When building a Servlet web application, the
following stores can be auto-configured:
JDBC Redis Hazelcast MongoDB When building a reactive web application,
the following stores can be auto-configured:
Redis MongoDB If a single Spring Session module is present on the
classpath, Spring Boot uses that store implementation automatically.
If you have more than one implementation, you must choose the
StoreType that you wish to use to store the sessions. For instance, to
use JDBC as the back-end store, you can configure your application as
follows:
spring.session.store-type=jdbc
[Tip] You can disable Spring Session by
setting the store-type to none. Each store has specific additional
settings. For instance, it is possible to customize the name of the
table for the JDBC store, as shown in the following example:
spring.session.jdbc.table-name=SESSIONS
For setting the timeout of the
session you can use the spring.session.timeout property. If that
property is not set, the auto-configuration falls back to the value of
server.servlet.session.timeout.
Related
We have a lot of pages which are already running in PHP (core) and require very frequent (and sudden) changes. Therefore we would not like to migrate our code base entirely to Java. I was trying to create an architecture where we could have some part of the business logic processing (which requires a stronger foundation) in Spring Boot and the rest (especially the reporting part) to remain in PHP.
Now for this, I want to be able to share the Session between the already existing PHP applications and the application I am currently writing in Spring Boot. I have configured this application to run with Spring Session using Redis. I cannot and do not want to use a table based implementation for session management owing to a limited amount of resources in our database server.
My configuration for using Redis with Spring Spring Boot is as follows:
spring.session.store-type=redis
spring.redis.host=localhost
spring.redis.password=#somepasswordhere
spring.redis.port=6379
server.servlet.session.timeout=20m
spring.session.redis.flush-mode=on_save
spring.session.redis.namespace=SPRING_SESSION
spring.redis.jedis.pool.max-active=8
spring.redis.jedis.pool.max-idle=8
spring.redis.jedis.pool.max-wait=-1
spring.redis.jedis.pool.min-idle=16
spring.redis.timeout=1s
I have also been able to configure PHP to use the Redis server as it's data store for session management.
I would like to know if there is any way where I can have a common session for the two, i.e. where one application in PHP can access values (and its other properties such as expiry/validity) set to the session by the other application in Spring Boot and vice versa?
Also, I know that it would be off topic, but any suggestions for a more efficient Redis configuration would also be appreciated here for the Spring Session part.
I have a spring boot application which uses embedded tomcat. The app is hosted on multiple EC2 instances, which auto scale if required and some of which may be killed/restarted. So, effectively there are 3 instances of the app running , and requests are routed from the load balancer to any of these instances.
I am trying to track user sessions on my app. I started with implementing container level session management using tomcat HttpSession. But it is not able to track sessions across instances. On researching a bit, I got to know that i need something like session replication.
My app is not running a tomcat cluster, it has 3 independent instances of the API which do not talk to each other in anyway. I am not planning to change that and not sure if it is possible with AWS as it does not encourage multicast communication for this purpose.
Also, I do not want to setup/manage a separate DB (like redis with spring session) just for this purpose, because I only need session Ids for logging, and I need to do that in a lightweight manner.
Is there any other way to manage sessions across instances ? or for my purpose, would it be better to just implement some custom code which can check for session id/token passed to and fro between the frontend and backend.
The goal is to externalize the sessions from your application server so that you can autoscale, restart, load balance etc. without worrying about breaking a User's session.
Honestly on AWS using the Spring stack, I would recommend Spring Session + Redis. I've used it countless times and it is very easy to implement. You can leverage AWS Elasticache which manages the Redis cluster for you (like RDS does for relational DBs).
You could write your own custom implementation of Spring Session with a backing store of S3, Dynamo, etc. But is that really any better than the Redis implementation? I'd recommend the path of least resistance.
I have a spring 3 project, and I now need to share session among multiple server instance. Naturally, I thought about mongoDB, I want to use MongoDB as session storage for Spring project. But I googled a lot, and I can only find reference for Spring boot application, there is NO documentation telling me how to use mongoDB as sessionStorage for Spring 3.1.2 project.
Can anyone help to refer some good material telling me how to use mongoDB as session storage for Spring 3.1.2 project?
Thanks in advance.
Basically you want to issue your clients unique identifiers (UUIDs/IDs of any kind) and save any data you want to any DB you want by this unique ID. On subsequent requests you extract the ID the client sends back to your server via cookies/headers/HTTP parameters/whatever. You look up you "session" information in DB by this ID and use it in any manner.
If want to store my web application session to different storage, because one every new request user might use different node, is it possible to override default container session storage?
You do not need to overrride anything. It should come with the server you are using. You need to look at "Session replication". In clustering environments, the app server can be configured to replicate session across nodes.
You will need to check documentation of the app server you are using to figure out how this can be enabled.
Please checkout the memcached-session-manager. It stores the session in external memcached server and works for both sticky-session and non-sticky-session(which is your case) scenario.
Is it possible to override Tomcat's embedded generator of JSESSIONID, to be able to create custom values of this cookie, based on user's login?
Why do I need this: I have a load balancer with "sticky sessions", configured to route requests with the same JSESSIONID to the same server, and I want to prevent situation, when same user can start two different sessions on different servers.
P.S: all this is about Amazon EC2
There is a better way to do this: See the tomcat manual on session replication in cluster
You can do so by defining your own customized session manager,
http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html
However, it probably doesn't work for your use-case. You don't know username before user logs in but the session needs to be created for the login.
I think pushing session to the backend is the best approach. You can use the JDBCStore session manager distributed with Tomcat. You can also find implementation for memecached.
If the purpose of multiple servers is for redundancy, you can also use clustering but that doesn't help you if your goal is to scale for load.