A Session is a series of sessions that the server stores for user operations and is managed by the Web container. In the case of a single machine, there is no Session sharing. In the case of a distributed machine, if there is no Session sharing, the request will be sent to different machines and the login will be repeated. Generally speaking, there are the following schemes to solve Session sharing.
1. Session replication
Session replication is an early enterprise-level session management mechanism of server cluster that is widely used. The application server enables the session replication function of the Web container to synchronize session objects between several servers in the cluster, so that all session information is stored on each server. In this way, the session data is not lost when any server is down. It is directly obtained from the local directory.
In this way, when the number of application clusters reaches thousands, there will be a bottleneck. Sessions need to be backed up for each application cluster, resulting in insufficient memory.
2. Session binding
Use hash algorithms, such as Nginx’s IP_hash, to distribute requests from the same Ip address to the same server.
This mode does not meet the requirements for high availability of the system. Once a server breaks down, the session on the machine will no longer exist. After users switch to other machines, there will be no session and services cannot be processed.
3. Use cookies to record sessions
The session is recorded on the client. Each time the client requests the server, it sends the session in the request to the server. After the server processes the request, it sends the modified session response to the client. The client in this case is the cookie.
Using cookies to record sessions also has disadvantages, such as limited by the size of cookies, can record limited information; Cookies need to be passed in each request response, affecting performance, and if the user turns cookies off, access is not normal. But because the
Cookie is easy to use, high availability and supports linear scaling of application servers. However, most of the session information to be recorded is relatively small. Therefore, in fact, many websites more or less use cookies to record sessions.
4. Session server
Session servers can solve all of the above problems by using independently deployed session servers (clusters) to manage sessions in a unified manner. Each time a server reads or writes a session, it accesses the session server.
This solution is essentially a separation of the state of the application server into a stateless application server and a stateful session server, and then designing the architecture for the different characteristics of the two servers.
A simpler approach for stateful session servers is to use memcached, databases, etc. These products are packaged to meet session storage and access requirements.
If a business scenario has high requirements on session management, such as using the basic single sign-on (SSO) and user server functions, a special session service management platform needs to be developed.
The above part of the content is extracted from the book “Large Website Technology Architecture: Core Principles and Case Analysis”. To obtain the high-definition electronic version of the book and more books on architecture technology, you can reply to “wechat Group” in the menu of the official account and obtain it in the corresponding group file.
Recommended reading
Dry goods: Free 2TB architect four-stage video tutorial
Interview: the most complete Java multithreaded interview questions and answers
Tools: Recommended an online creation flow chart, mind mapping software
Share Java dry goods, high concurrency programming, hot technology tutorials, microservices and distributed technology, architecture design, blockchain technology, artificial intelligence, big data, Java interview questions, and cutting-edge hot news.