A session
is a session created by the server for the client to store user-related information used to identify the user's identity, etc. In a single-server environment, there is no need to consider the consistency of the session. However, some problems will arise in a clustered environment. For example, if a user's login request is load balanced to server A
, and A
server assigns a SESSION
to it, when the user's subsequent request data is assigned to server B
, as B
server does not have this user's SESSION
, the user will be redirected to the login page. This scenario represents an unreasonable business logic, so maintaining the consistency of the SESSION
is necessary.
Multiple servers synchronize SESSION
with each other. After A
server generates a SESSION
information, it is synchronously transmitted to servers B
, C
, D
, etc. Similarly, B
, C
, D
servers also need to synchronize the SESSION
information to A
, so that each server contains all the SESSION
.
- Most application servers provide
SESSION
replication function to achieve clustering.
SESSION
needs network transmission for synchronization, which consumes bandwidth and has certain delay.- Once the
SESSION
information of a machine changes, all serverSESSION
contents must be synchronized. - Each server will store all user information. Performance drastically decreases with the increase in servers, and it is prone to causing broadcast storms.
By modifying the load balancing server, mark the SESSION ID
returned to the user or the user's request IP
address, i.e., use the fourth layer of the transport layer to read the network layer IP
or in the seventh layer to read certain attributes in the HTTP
protocol to perform HASH
, ensuring that all requests from this user fall onto the same server.
- Relatively simple to implement.
- As long as the servers are evenly allocated, multiple servers are load balanced.
- Once a server crashes, it will affect all users whose requests fall on this server.
- The load balancing server becomes a stateful node, consuming more memory and complicating disaster recovery.
Directly store data to the client, such as in Cookie
or request headers, and the client automatically carries data information with each request.
- Simple and efficient.
- The server does not need to store user information.
- Poor security. Sensitive information must be encrypted.
- Each request may carry a large amount of data, occupying external network bandwidth.
- The data stored on the client may be at risk of leakage, tampering, or theft.
Store SESSION
in a separate server's database, such as MySQL
, Oracle
, SQL Server
, Redis
, MongoDB
, etc. When SERVER
servers need user information, they carry SESSION ID
and request the centralized storage server to obtain user information.
- No security risks.
- Easy horizontal expansion.
SERVER
server restart will not causeSESSION
loss.
- Each request adds a network request to the storage server.
- There are a large number of requests to the centralized storage server, causing significant database pressure.
https://github.com/WindrunnerMax/EveryDay
https://www.jianshu.com/p/5caed857dc3e
https://www.cnblogs.com/study-everyday/p/7853145.html