11

Suppose I have more than one web application servers running and I am logging in a User from Server1 thus his session starts.As http is stateless, suppose if the next request goes to Server3 than the Sever1 which was used to login to the application,if I use cookies, hidden form , its not going to work in Server2.

So how do I manage the session ?, maybe by generating an ID (or even reusing the jsessioid generated ) and storing it in a central database,so that all servers can access this session ID and validate it before processing the request.Then in that case, I need to develop a mechanism to store all the session data as object to the database.

Is there any other built in mechanisms available ?

Tito
  • 8,894
  • 12
  • 52
  • 86

3 Answers3

12

If you are deploying application on more than one server, you should use "Clustering". Application servers are able to handle this scenario using "session replication". With session replication, each server will have a copy of the active users session. IF the first request goes to server A and second request goes to server B, it will be transparent to application code and end user.

For clustering/session replication in Tomcat, you can have a look at this link.

Manish
  • 3,913
  • 2
  • 29
  • 45
  • If I want to do it without clustering. Which would be the recommended approach ? – Tito Oct 15 '12 at 08:29
  • Have a look at this - http://stackoverflow.com/questions/4856324/tomcat-store-session-in-database – Manish Oct 15 '12 at 08:48
  • From the link you have provided , I could extend HttpSession and write my own JDBC backed implementation using a filter. How does that sound ? – Tito Oct 15 '12 at 13:46
  • Any idea on how to achieve this with a redis session store? Especially using node-redis, and connect-redis? – williamcodes Sep 13 '21 at 16:41
2

Spring provides the session management:

Spring Session makes it trivial to support clustered sessions without being tied to an application container specific solution. It also provides transparent integration with:

HttpSession - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way, with support for providing session IDs in headers to work with RESTful APIs

WebSocket - provides the ability to keep the HttpSession alive when receiving WebSocket messages

WebSession - allows replacing the Spring WebFlux’s WebSession in an application container neutral way Source: Spring docs.

Please check this for further information: https://spring.io/projects/spring-session#overview

Community
  • 1
  • 1
smali
  • 4,687
  • 7
  • 38
  • 60
-1

If your infrastructure ( Server 1, 2...) are connected to a single network appliance like Citrix Netscalar, then you can use IP or Cookie Persistence so that netscalar sends further requests to the same server.

Novice User
  • 3,552
  • 6
  • 31
  • 56
  • Quite late here, but even if it is not the most optimal answer why downvote? The answer is correct... – ErnestV Jul 19 '20 at 22:01