Four solutions for distributed sessions

1. The difference and connection between cookies and sessions

Cookies are used by the client to store a small amount of data locally. They are saved on the client and can easily be obtained by users, so they are not very secure, and the amount of data they can hold is small. Sessions are used by the server to store part of the data and are saved on the server. They are not easy for users to obtain, are more secure, and can hold a relatively large amount of data. Storing them on the server occupies some server resources, but given the advantages this shortcoming can be ignored.

2. The role of Session:

  1. Record user information: Through Session, web applications can save information about users on the server side for use during the same session.

  2. Login verification: After the user logs in, storing the user's information in the Session can verify the user's identity and use it in subsequent page requests.

  3. Shopping cart function: Store the product information selected by the user in the Session for use during checkout.

  4. Caching data: Through Session, some data can be saved on the server side, reducing the burden on the client and improving page response speed.

  5. Improve security: Storing sensitive information in Session can prevent this information from being placed in client cookies, improving security.

In short, Session is a very important mechanism in Web applications. It can share data between multiple pages and improve the security and availability of Web applications.

In a session between the client and the server, the client (browser) sends a request to the server. The cookie automatically carries the data (JSESSIONID) stored during the previous request. The server uses the JSESSIONID in the request to check whether that session exists in its session store. If it exists, the server knows who the user is. If it does not exist, the server creates a JSESSIONID and returns it to the client when the request completes, and the client saves this JSESSIONID in a cookie.

The client and server communicate over HTTP. HTTP is stateless, so there is no correlation between different requests; the advantage is fast processing.

A session is one interactive conversation between a browser and a server. When the browser is closed, the conversation ends, but the session object still exists on the server. By default, the session is retained for 30 minutes.

3. Distributed session consistency

The client sends a request, and the load balancer assigns it to one of the servers. Because each server runs its own web server (such as Tomcat), the session information saved by the previous web server cannot be found on a different one. A new JSESSIONID is generated and the previous state is lost.

4. Four distributed session solutions

1. Solution 1: Client storage

Store the information directly in cookies.

A cookie is a small piece of data stored on the client, which interacts with the server over HTTP. It is usually used to store non-sensitive information.

Disadvantages:

  • Data is stored on the client, which poses security risks
  • There are restrictions on cookie storage size and type
  • Data is stored in cookies. If the cookie is too large for a request, it will add greater overhead to the network.
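One common way to reduce the risk of client-side storage is to sign the cookie value so the server can detect any modification. This Python example is added here and is not from the original post; the function names and the 4096-byte size limit are assumptions.

```python
import base64
import hashlib
import hmac
import json

MAX_COOKIE_BYTES = 4096  # assumed per-cookie limit; browsers commonly allow about 4 KB

def encode_cookie(data, key):
    """Serialize data and append an HMAC-SHA256 tag so edits are detectable."""
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    value = payload + "." + tag
    if len(value) > MAX_COOKIE_BYTES:
        raise ValueError("cookie value exceeds size limit; keep state on the server")
    return value

def decode_cookie(value, key):
    """Return the stored dict, or None if the value is malformed or modified."""
    payload, sep, tag = value.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):  # constant-time
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def readable_without_key(value):
    """What anyone holding the cookie can read: signing is not encryption."""
    return json.loads(base64.urlsafe_b64decode(value.rpartition(".")[0]))
```

The signature protects integrity only, so the cookie should still hold non-sensitive data, as the text above says.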

2. Solution 2: Session replication

Session replication is a session management mechanism for server clusters. It is commonly used in small business applications and is not used much in real development. It works by building a cluster of web servers (such as Tomcat).

Problems:

  • Sessions are synchronized asynchronously by broadcasting within the same local area network. As the number of servers and the level of concurrency grow, the amount of session data to synchronize becomes large, and every server must hold all the sessions of the other servers. This brings network overhead, and when the number of users is particularly large, memory runs short.

Advantages:

Session information is synchronized between servers, so when any one server goes down, the session state on the other servers is unaffected. The configuration is relatively simple.
Tomcat already supports distributed deployment and management; it only requires a configuration change. Session replication synchronizes session objects between the servers in the cluster so that each server holds the session information of all users. The failure of any single machine does not cause session data to be lost, and a server only needs to read the session locally when it uses it.

How to configure:
In the server.xml file in the conf directory under the Tomcat installation directory, uncomment the cluster configuration. The Tomcat instances must be behind the same gateway, otherwise the broadcast cannot be received and the sessions cannot be synchronized. Enable session replication in web.xml:
<distributable/>

3. Solution 3: Session binding

Nginx introduction:
Nginx is a free, open-source, high-performance HTTP server and reverse proxy server.

What Nginx can do:
Reverse proxy, load balancing, HTTP server (dynamic and static proxy), forward proxy.

How to use Nginx for session binding?
We use Nginx's reverse proxy and load balancing. Normally a client request is assigned to one of the servers, and which server handles it depends on the load-balancing algorithm (round-robin, random, ip-hash, weighted, and so on). With Nginx's ip-hash strategy we can bind a client to a server: the same client always reaches the same server, and no matter how many requests the client sends, each one is handled by that server.

Edit the nginx.conf file in the conf directory under the Nginx installation directory:

upstream aaa {
	# Route each client IP to the same backend server
	ip_hash;
	server 39.105.59.4:8080;
	server 39.105.59.4:8081;
}
server {
	listen 80;
	server_name www.wanyingjing.cn;
	#root /usr/local/nginx/html;
	#index index.html index.htm;
	location / {
		# Forward to the upstream group so that ip_hash takes effect
		proxy_pass http://aaa;
		index index.html index.htm;
	}
}

Disadvantages:

  • It easily creates a single point of failure. If a server goes down, the session information on that server is lost.
  • There cannot be another load balancer in front. If there is, session binding will not work properly.

Advantages:

  • Simple configuration

4. Solution 4: Redis-based session storage

[Figure: schematic flow chart of the Redis-based session storage solution]

<!-- Spring Session backed by Redis -->
<dependency>
	<groupId>org.springframework.session</groupId>
	<artifactId>spring-session-data-redis</artifactId>
</dependency>
<!-- Spring Boot Redis starter (client and auto-configuration) -->
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>

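Configure Redis

# Redis database index (default is 0)
spring.redis.database=0
spring.redis.host=127.0.0.1
spring.redis.port=6379
# Password is empty by default
spring.redis.password=
# Maximum number of connections in the pool (a negative value means no limit)
spring.redis.jedis.pool.max-active=1000
# Maximum time to block waiting for a pooled connection (a negative value means no limit)
spring.redis.jedis.pool.max-wait=-1ms
# Maximum number of idle connections in the pool
spring.redis.jedis.pool.max-idle=10
# Minimum number of idle connections in the pool
spring.redis.jedis.pool.min-idle=2
# Connection timeout (milliseconds)
spring.redis.timeout=500ms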

Advantages:

This is the most commonly used method in enterprises.
Spring has encapsulated spring-session for us, so we can simply add the dependencies.
The data is saved in Redis and accessed seamlessly. There are no security risks.
Redis itself can be clustered with master and replica servers, and it is convenient to manage.

Disadvantages:

There is one more network call, because the web container needs to access Redis.

Summary:
The server hosting the web container and the server hosting Redis are generally placed in the same machine room and connected over the intranet to reduce network overhead.
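The session loss described in section 3, the single point of failure of session binding, and the effect of a shared store can be reproduced with a small simulation. This Python code is an added example, not code from the original post: the Node class, the balancer functions, the client address and the SHA-256 stand-in for Nginx's hash are assumptions, and a shared dict stands in for Redis.

```python
import hashlib
import secrets

class Node:
    """One web server (e.g. a Tomcat instance) and its session store."""
    def __init__(self, name, store=None):
        self.name, self.up = name, True
        self.store = {} if store is None else store  # session id -> data

    def handle(self, session_id, user=None):
        # Unknown or missing id: never adopt the client's value, issue a new one.
        if session_id not in self.store:
            session_id = secrets.token_hex(16)
            self.store[session_id] = {}
        if user:
            self.store[session_id]["user"] = user  # login request
        return session_id, self.store[session_id].get("user")

def round_robin(nodes):
    counter = [0]
    def pick(client_ip):
        live = [n for n in nodes if n.up]
        counter[0] += 1
        return live[counter[0] % len(live)]
    return pick

def ip_hash(nodes):
    # Stand-in hash for illustration; Nginx's own ip_hash function differs.
    def pick(client_ip):
        live = [n for n in nodes if n.up]
        digest = hashlib.sha256(client_ip.encode()).digest()
        return live[int.from_bytes(digest[:4], "big") % len(live)]
    return pick

def cluster(shared=False):
    store = {} if shared else None  # one shared dict stands in for Redis
    return [Node("tomcat-1", store), Node("tomcat-2", store)]

def scenario(balancer, shared=False, node_fails=False):
    """Log in, send one more request; return the user the server sees then."""
    nodes = cluster(shared)
    pick = balancer(nodes)
    ip = "203.0.113.7"  # constructed client address
    first = pick(ip)
    sid, _ = first.handle(None, user="alice")
    if node_fails:
        first.up = False  # the server that handled the login goes down
    _, user = pick(ip).handle(sid)
    return user
```

Calling scenario(round_robin) or scenario(ip_hash, node_fails=True) returns None because the login state is gone, while every call with shared=True still returns "alice".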

Origin blog.csdn.net/Isonion/article/details/132668202