A session store is a critical component that lets web applications maintain state across requests. Popular solutions like Redis provide a fast, scalable session store by keeping session data in memory.
The server uses Redis to store session data and associate it with each user. It assigns every client a unique session ID that is sent on each request to retrieve the correct session. Storing sessions in Redis instead of locally on each app server removes the need for "sticky sessions" when load balancing.
Session data in Redis is serialized as JSON or a similar format. This allows structured data such as user profiles, recent actions, shopping carts, and CSRF tokens to be stored.
Sessions should expire after a period of inactivity. This practice improves security and frees up stale resources. The expiration time can be configured based on app needs.
The diagram below shows a typical Redis session flow:
Steps 1 and 2 - A user login request is sent to the User Service.
Steps 3 and 4 - The User Service creates a new session in Redis by generating a unique session ID.
Steps 5 and 6 - The User Service sends the session ID back to the client where it is stored locally.
Steps 7 and 8 - The user adds a product to their shopping cart. This sends the request to the Shopping Cart Service.
Steps 9 and 10 - The Shopping Cart Service retrieves the session data from Redis using the session ID. It updates the session object in Redis by adding the new shopping cart items.
Steps 11 and 12 - The Shopping Cart Service returns a success status to the client.
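The flow above, together with the inactivity expiry described earlier, as an added example that is not part of the original page. `FakeRedis` is a constructed in-memory stand-in so the code runs without a server; the key prefix `session:`, the function names, and the 30-minute `IDLE_TTL` are assumptions.

```python
import json, secrets, time

class FakeRedis:
    """In-memory stand-in for the two Redis commands used here (SET with EX, GET).
    redis-py's client exposes set(name, value, ex=...) and get(name) the same way."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.data = clock, {}
    def set(self, key, value, ex=None):
        deadline = self.clock() + ex if ex else None
        self.data[key] = (value, deadline)
    def get(self, key):
        value, deadline = self.data.get(key, (None, None))
        if deadline is not None and self.clock() >= deadline:
            del self.data[key]          # expired keys vanish, as in Redis
            return None
        return value

IDLE_TTL = 1800  # assumed inactivity timeout in seconds; tune per application

def create_session(r, user_id):
    """Steps 3-6: generate an unguessable session ID and store the session."""
    sid = secrets.token_urlsafe(32)     # 32 random bytes from the OS CSPRNG
    session = {"user_id": user_id, "cart": [], "csrf": secrets.token_urlsafe(32)}
    r.set("session:" + sid, json.dumps(session), ex=IDLE_TTL)
    return sid                          # returned to the client, e.g. in a cookie

def load_session(r, sid):
    """Step 9: look up the session; None means unknown or expired."""
    raw = r.get("session:" + sid)
    return json.loads(raw) if raw is not None else None

def add_to_cart(r, sid, item):
    """Steps 9-12: read, update, write back; the write resets the idle timer."""
    session = load_session(r, sid)
    if session is None:
        return False                    # caller should require a fresh login
    session["cart"].append(item)
    r.set("session:" + sid, json.dumps(session), ex=IDLE_TTL)
    return True
```

Against a real server, a redis-py client takes the place of `FakeRedis`. The read-modify-write in `add_to_cart` is not atomic, so concurrent updates to one session would need a Redis transaction (WATCH/MULTI) or a Lua script.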
