Horizontally scale an app that uses sessions? #2140
At first I thought maybe share them manually between instances using Redis/Memcached/etc, but do I even have to? Sessions in Mojolicious are stateless, after all, so one instance will probably recognize a session cookie issued by another one as long as all instances share the same config with the same secrets, right? Or not?

I looked into Mojolicious::Controller::session sources but it's not really obvious what's going on there. Like, what's the difference between 'mojo.session' and 'mojo.active_session' and how do they appear inside the stash in the first place?

Tried looking on Google etc, but didn't find anything related to horizontal scaling of Mojolicious sessions. Found Mojolicious::Sessions::ThreeS that kinda does what I want (i.e. provides the ::Storage abstract class, if I decide to go with the Redis approach eventually), but it seems to be years old and specifies Mojolicious 6.x as a dependency, maybe it will work but I'm not sure I want something like this in my project.

Maybe there's a better way, or even an out-of-the-box solution? Thanks!
Replies: 1 comment
You do not have to do anything on the backend in terms of shared anything to have sessions work across instances / nodes. As you mention, the cookies are stateless and signed in such a way that any instance that shares the secret will regard the cookie as valid.

There is no functional difference between having multiple instances running on the same node or instances of the app spread across nodes / datacenters. A very common setup is having an ingress (e.g. Nginx) and dispatching requests to an arbitrary number of nodes that all share the session secret. This works great. At $work we've had zero issues with session handling for the past 12+ years that we have been using Mojolicious.

One very nice feature is being able to have multiple session secrets at any given time, letting you rotate secrets on a regular basis, without inconveniencing your users.

When it comes to your question about the difference between

So, in summary you can horizontally scale as far as you want to, just make sure to keep the secret secret.
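The behaviour described in the reply can be checked with a small test script. This is an added example, not code from the thread or from the Mojolicious project: the `build_node` helper, the routes and the secret strings are constructed for illustration, and it assumes Mojolicious is installed and the session cookie keeps its default name `mojolicious`.

```perl
#!/usr/bin/env perl
use Mojo::Base -strict;
use Mojolicious;
use Test::Mojo;
use Test::More;

# Hypothetical helper: one "node" running the same app with the given secrets.
sub build_node {
  my @secrets = @_;
  my $app = Mojolicious->new;
  $app->log->level('fatal');
  # The first secret signs new cookies; every listed secret is tried on verify.
  $app->secrets(\@secrets);
  my $r = $app->routes;
  $r->get('/login' => sub {
    my $c = shift;
    $c->session(user => 'alice');
    $c->render(text => 'logged in');
  });
  $r->get('/whoami' => sub {
    my $c = shift;
    $c->render(text => $c->session('user') // 'anonymous');
  });
  return Test::Mojo->new($app);
}

# Constructed secrets; real ones come from configuration kept out of the repo.
my $node_a   = build_node('secret-2023');
my $node_b   = build_node('secret-2023');                   # second instance
my $rotated  = build_node('secret-2024', 'secret-2023');    # mid-rotation
my $stranger = build_node('unrelated-secret');              # misconfigured node

# Node A issues the session cookie; nothing is stored server-side.
$node_a->get_ok('/login')->status_is(200);
my $cookie = $node_a->tx->res->cookie('mojolicious');
ok $cookie, 'node A issued a session cookie';
my $headers = {Cookie => 'mojolicious=' . $cookie->value};

# The same cookie is presented to the other nodes, as a load balancer would.
$node_b->get_ok('/whoami' => $headers)
  ->content_is('alice', 'same secret: session accepted');
$rotated->get_ok('/whoami' => $headers)
  ->content_is('alice', 'old secret still listed: session accepted');
$stranger->get_ok('/whoami' => $headers)
  ->content_is('anonymous', 'different secret: session ignored');

done_testing;
```

The last case is also what users see if one node is deployed with a secret the others lack: requests routed to it silently lose the session.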