BestHub
search
Sign in
Backend Development 10 min read

Differences Between Cookies and Sessions and Solutions for Distributed Session Consistency

This article explains the distinction and relationship between cookies and sessions, describes how sessions work in web applications, and compares four approaches—client‑side storage, session replication, Nginx session affinity, and Redis‑based session storage—for achieving consistent distributed session management.

Architecture Digest
Architecture Digest
Architecture Digest
Differences Between Cookies and Sessions and Solutions for Distributed Session Consistency

Cookie and Session Differences and Relationship

Cookie is a small piece of data stored on the client side, easily accessible, low security, and limited in size; session is stored on the server side, less accessible to the user, higher security, larger storage, and consumes server resources, though this drawback is usually negligible.

What Session Is Used For

During a client‑server interaction, the browser automatically sends the JSESSIONID stored in a cookie; the server uses this ID to retrieve the corresponding session data, thereby recognizing the user. If the ID does not exist, the server creates a new one and returns it to the client.

HTTP is stateless, so each request is independent, which gives fast processing.

A session persists for a default of 30 minutes after the last request, even if the browser is closed.

Distributed Session Consistency

When a request passes through a load balancer, it may be routed to any server in a cluster. Because each server has its own in‑memory session store (e.g., Tomcat), the session created on one node is not visible to another, causing loss of state.

Solution 1: Client‑Side Storage

Store information directly in cookies. Cookies are client‑side data used for non‑sensitive information.

Drawbacks

Security risks because data resides on the client.

Size and type limitations for cookies.

Large cookies increase network overhead.

Solution 2: Session Replication

Session replication is common in small‑scale applications. It synchronizes session data across a cluster of web servers (e.g., Tomcat) by broadcasting updates within the LAN.

Problems

Synchronization traffic grows with the number of servers and users, leading to network overhead and possible memory exhaustion.

Advantages

All servers have the same session state; a single server failure does not lose sessions.

Tomcat provides built‑in support for distributed session replication.

Configuration

In Tomcat’s server.xml enable the distributable flag and configure the web.xml:

In web.xml add:

<distributable/>

Solution 3: Session Affinity (Binding) with Nginx

Nginx Overview

Nginx is an open‑source high‑performance HTTP server and reverse proxy.

What Nginx Can Do

Reverse proxy, load balancing, static/dynamic content serving, forward proxy.

How to Use Nginx for Session Affinity

By using the ip_hash directive in the upstream block, requests from the same client are always routed to the same backend server, keeping the session on a single node.

Example nginx.conf snippet:

upstream aaa {
    ip_hash;
    server 39.105.59.4:8080;
    server 39.105.59.4:8081;
}
server {
    listen 80;
    server_name www.wanyingjing.cn;
    location / {
        proxy_pass http://39.105.59.4;
        index index.html index.htm;
    }
}

Drawbacks

Single point of failure – if the chosen server goes down, its sessions are lost.

Load balancers that do not support affinity can break the scheme.

Advantages

Simple configuration.

Solution 4: Redis‑Based Session Storage

Using Redis to store session data provides a centralized, fast, and scalable store.

POM Dependencies

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-session-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-data-starter-redis</artifactId>
</dependency>

Redis Configuration

# Redis database index (default 0)
spring.redis.database=0
spring.redis.host=127.0.0.1
spring.redis.port=6379
# No password by default
spring.redis.password=
# Connection pool settings
spring.redis.jedis.pool.max-active=1000
spring.redis.jedis.pool.max-wait=-1ms
spring.redis.jedis.pool.max-idle=10
spring.redis.jedis.pool.min-idle=2
# Timeout
spring.redis.timeout=500ms

Advantages

Widely used in enterprises.

Spring Session abstracts the integration.

Data stored in Redis is secure and can be clustered.

Disadvantage

Introduces an extra network hop for each request.

Conclusion

Typically the application servers and the Redis server are placed in the same data center to minimize network latency and use internal networking.

backend developmentredisnginxcookiesdistributed sessionsessions
Architecture Digest
Written by

Architecture Digest

Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment