Scalable http session management (java, linux) Scalable http session management (java, linux) linux linux

Scalable http session management (java, linux)


java linux http session scalability

I would go with some standard distributed cache solution.Could be your application server provided, could be memcached, could be terracottaProbably doesn't matter too much which one you choose, as long as you are using something sufficiently popular (so you know most of the bugs are already hunted down).

As for your other ideas:

  • Don't keep session - as you said not possible
  • Client Side Session - too unsecure - suppose someone hacks the cookie to put discount prices in the shopping cart
  • Use database - databases are usually the hardest bottleneck to solve, don't put any more there than you absolutely have to.

Those are my 2 cents :)

Regarding multiple data centers - you will want to have some affinity of the session to the data center it started on. I don't think there are any solutions for distributed cache that can work between different data centers.

java linux http session scalability

You seem to have missed out vanilla replicated http sessions from your list. Any servlet container worth its salt supports replication of sessions across the cluster. As long as the items you put into the session aren't huge, and are serializable, then it's very easy to make it work.

http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html

edit: It seems, however, that tomcat session replication doesn't scale well to large clusters. For that, I would suggest using JBoss+Tomcat, which gives the idea of "buddy replication":

http://www.jboss.org/community/wiki/BuddyReplicationandSessionData

java linux http session scalability

I personally haven't managed such clusters, but when I took a J2EE course at the university the lecturer said to store sessions in a database and don't try to cache it. (You can't meaningfully cache dynamic pages anyway.) Http sessions are client-side by the definition, as the session-id is a cookie. If the client refuses to store cookies (e.g. he's paranoid about tracking), then he can't have a session.You can get this id by calling HttpSession.getId().

Of course database is a bottleneck, so you'll end up with two clusters: an application server cluster and a database cluster.

As far as I know, both stateful message beans and regular servlet http sessions exist only in memory without load balancing built in.

Btw. I wouldn't store e-mail address or usernames in a hidden field, but maybe the content of the cart isn't that sensitive data.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last