Distributed Session Consistency

A session is a session created by the server for the client to store user-related information used to identify the user's identity, etc. In a single-server environment, there is no need to consider the consistency of the session. However, some problems will arise in a clustered environment. For example, if a user's login request is load balanced to server A, and A server assigns a SESSION to it, when the user's subsequent request data is assigned to server B, as B server does not have this user's SESSION, the user will be redirected to the login page. This scenario represents an unreasonable business logic, so maintaining the consistency of the SESSION is necessary.

Solutions

Session Synchronization

Multiple servers synchronize SESSION with each other. After A server generates a SESSION information, it is synchronously transmitted to servers B, C, D, etc. Similarly, B, C, D servers also need to synchronize the SESSION information to A, so that each server contains all the SESSION.

Advantages

  • Most application servers provide SESSION replication function to achieve clustering.

Disadvantages

  • SESSION needs network transmission for synchronization, which consumes bandwidth and has certain delay.
  • Once the SESSION information of a machine changes, all server SESSION contents must be synchronized.
  • Each server will store all user information. Performance drastically decreases with the increase in servers, and it is prone to causing broadcast storms.

Session Mapping

By modifying the load balancing server, mark the SESSION ID returned to the user or the user's request IP address, i.e., use the fourth layer of the transport layer to read the network layer IP or in the seventh layer to read certain attributes in the HTTP protocol to perform HASH, ensuring that all requests from this user fall onto the same server.

Advantages

  • Relatively simple to implement.
  • As long as the servers are evenly allocated, multiple servers are load balanced.

Disadvantages

  • Once a server crashes, it will affect all users whose requests fall on this server.
  • The load balancing server becomes a stateful node, consuming more memory and complicating disaster recovery.

Client Storage

Directly store data to the client, such as in Cookie or request headers, and the client automatically carries data information with each request.

Advantages

  • Simple and efficient.
  • The server does not need to store user information.

Disadvantages

  • Poor security. Sensitive information must be encrypted.
  • Each request may carry a large amount of data, occupying external network bandwidth.
  • The data stored on the client may be at risk of leakage, tampering, or theft.

Backend Centralized Storage

Store SESSION in a separate server's database, such as MySQL, Oracle, SQL Server, Redis, MongoDB, etc. When SERVER servers need user information, they carry SESSION ID and request the centralized storage server to obtain user information.

Advantages

  • No security risks.
  • Easy horizontal expansion.
  • SERVER server restart will not cause SESSION loss.

Disadvantages

  • Each request adds a network request to the storage server.
  • There are a large number of requests to the centralized storage server, causing significant database pressure.

Daily Question

https://github.com/WindrunnerMax/EveryDay

Reference

https://www.jianshu.com/p/5caed857dc3e https://www.cnblogs.com/study-everyday/p/7853145.html