Interview topic: Under the distributed architecture, what are the solutions for Sesion to share

• Use stateless services, abandon Session (for example, use Jwt)

• Cookies can be stored (because Cookies are stored on the client side, which may lead to information exposure and security risks)

• Session synchronization between servers, so as to ensure that each server has current Session information, but when there are more servers, there will be delay problems or synchronization failures.

• The IP binding strategy uses the IP binding strategy in ngnix (or other load balancing hardware, such as F5). The same IP can only be accessed from the same server, but doing so will lose the meaning of multiple balancing. It will affect the use of a group of users. The Internet is now implementing stateless requests

• Using Redis storage
  Putting the Session in the Redis storage, although the architecture will become complicated, and the Redis service needs to be asked once more, the benefits of such a solution are great

• Realize Session sharing

• Can be scaled horizontally (add Redis server)

• Session is not lost when the server restarts (but also pay attention to the refresh and invalidation mechanism of Session)

• Not only can be shared across servers, but also across platforms (such as web and PC, or heterogeneous platforms under the microservice architecture)