The challenge here is how and where to store user session data.
- This question basically sums up all my knowledge and asks the exact same question that I want to know. Read here: http://stackoverflow.com/questions/20588467/how-to-do-stateless-session-less-cookie-less-authentication/20674852#20674852
This is what Flipkart did in its initial days (Video Link)
17:00 – Sticky Session
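Suppose we have multiple nodes and each has its own session management. If a request goes to node 1 and the next one goes to node 2, there is no way for them to maintain the session. With sticky sessions, the load balancer keeps sending a given user's requests to the same node.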
Cons – creates an asymmetrical load distribution.
If an app server goes down for some time, all of its requests will be redirected to another server, and because we are using sticky sessions all further requests will keep going to that server only, even after the failed server is back up. So the load distribution is uneven.
19:20 – Central Session Storage – can be an NFS mount or an RDBMS. Now the load balancer can send a request to any app server, as all of them use the same central session storage. But this store then becomes the single point of failure.
21:00 – Clustered Session Management – peer to peer topology. Each app server is a peer. Whenever a session is created/updated, each peer communicates with the others to update them about it – a broadcast to all other peers – mutual message passing between the servers.
Pro – no central session store
Con – the number of messages passed between servers can increase very quickly as we go on adding more nodes.
Rare situation – if the message passing is slow, a new request from the user may arrive before the session data has been updated across all nodes. This can cause a valid session to look invalid, or the app server will have old session data. This can happen if the requests are coming from an automated client, as a user's requests can't be that fast.
(This is what Reddit follows. Different users might get different upvote counts for the same article on the same page. When there's an upvote/downvote, the count is updated on a single session server, which is then polled to other servers. If the page is loaded before this data is replicated across, the app server uses the session data that's on that cluster, which is stale.)
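The replication window described above, as an added example that is not from the talk or the original notes: a toy peer-to-peer cluster with an explicit in-flight queue, showing a fresh session that looks invalid on another peer and a destroyed session that is still accepted until the broadcast lands. `Peer`, `Cluster` and the session values are hypothetical, and the logout case goes one step beyond the text as another instance of "old session data".

```python
from collections import deque

class Peer:
    def __init__(self, name):
        self.name = name
        self.sessions = {}          # this peer's local copy: session id -> data

class Cluster:
    """Peer-to-peer session replication with delayed message delivery."""
    def __init__(self, n):
        self.peers = [Peer(f"app{i}") for i in range(n)]
        self.in_flight = deque()    # undelivered (target peer, sid, data) messages
        self.messages_sent = 0

    @staticmethod
    def _apply(peer, sid, data):
        if data is None:            # None means "session destroyed"
            peer.sessions.pop(sid, None)
        else:
            peer.sessions[sid] = dict(data)

    def write(self, peer_idx, sid, data):
        """Apply a create/update/destroy locally, then broadcast to every other peer."""
        origin = self.peers[peer_idx]
        self._apply(origin, sid, data)
        for peer in self.peers:
            if peer is not origin:
                self.in_flight.append((peer, sid, data))
                self.messages_sent += 1   # n - 1 messages per session write

    def deliver_all(self):
        """Simulate the slow messages finally arriving."""
        while self.in_flight:
            self._apply(*self.in_flight.popleft())

    def lookup(self, peer_idx, sid):
        return self.peers[peer_idx].sessions.get(sid)

def demo():
    c = Cluster(4)
    c.write(0, "s1", {"user": "alice"})   # constructed sample: login handled by app0
    early = c.lookup(1, "s1")             # next request hits app1 too soon
    c.deliver_all()
    late = c.lookup(1, "s1")              # same lookup after replication
    c.write(2, "s1", None)                # logout handled by app2
    stale = c.lookup(3, "s1")             # app3 still holds the old session
    c.deliver_all()
    final = c.lookup(3, "s1")
    return early, late, stale, final, c.messages_sent

if __name__ == "__main__":
    print(demo())
```
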
23:15 – Sticky session with a central session store / Sticky session with a clustered session