Distributed 6 core topics_ Distributed Session

1, Does the Session exist on the server or in tomcat?

Case demonstration process:
1. Create a springboot project
2. Start the project
3. Call login interface
4. Call the interface for obtaining user information
5. Restart the tomcat call to obtain the user information interface

1. Create a springboot project

pom

       <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

Test case

package com.gblfy.distributed.session.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;

@RequestMapping("/user")
@RestController
public class UserController {

    @GetMapping("/login")
    public String login(@RequestParam String username,
                        @RequestParam String password,
                        HttpSession session){
        //The account and password are correct
        session.setAttribute("login_user", username);
        return "Login successful";
    }

    @GetMapping("/info")
    public String info(HttpSession session) {
        return "Currently logged in:" + session.getAttribute("login_user");
    }
}
2. Start the project

3. Call login interface
#Login interface
http://localhost:8081/user/login
4. Call the interface for obtaining user information
#Get user information interface
http://localhost:8081/user/info

After the user logs in, the user information can be obtained normally

5. Restart the tomcat call to obtain the user information interface

It is found that after restarting the tomcat call to obtain the user information interface, the user information is null
The conclusion is that session cannot be shared. The following will continue to prove it

2, Relationship between Session and Cookie

The difference between cookie and session:

  • 1. The cookie data is stored on the client's browser, and the session data is placed on the server.
  • 2. Cookies are not very safe. Others can analyze the cookies stored locally and cheat them
    For security reasons, session should be used.
  • 3. The session will be saved on the server for a certain period of time. When access increases, the performance of your server will be compared
    Considering mitigating server performance, COOKIE should be used.
  • 4. The data saved by a single cookie cannot exceed 4K. Many browsers restrict a site to save up to 20 cookies
  • 5. There is no separation between session and Cookie. Session is stored on the property set Cookie in the Header requested by the browser
3, Traditional Session
3.1. Start project

Demonstrate that the same program starts port 8081 and port 8082 to simulate two distributed servers

3.2. Browser Test

1. Call 8081 login interface
2. Call 8081 to obtain the user information interface, and the user information can be obtained normally
3. Call 8082 to obtain user information interface, unable to obtain user information

#Login interface
http://localhost:8081/user/login
http://localhost:8082/user/login

#Get user information interface
http://localhost:8081/user/info
http://localhost:8082/user/info

The conclusion is that session cannot be shared

4, Distributed Session solution
4.1. Spring Session + Redis

https://gblfy.blog.csdn.net/article/details/113807497

4.2. Token + Redis

https://gblfy.blog.csdn.net/article/details/113807504

4.3. Token + JWT

https://gblfy.blog.csdn.net/article/details/113807506

Tags: Session

Posted by PaulRyan on Tue, 19 Apr 2022 07:20:47 +0930