Ensuring Distributed Session Consistency with Spring Session and Redis
This article explains the challenges of session consistency in distributed web applications, compares various solutions such as client‑side storage, session replication, sticky sessions, and centralized management, and provides a practical guide to implementing Spring Session with Redis for reliable backend session handling.
When a user adds items to a shopping cart before logging in, the server creates a session and returns a JessionId stored in a cookie; the session typically expires after 30 minutes.
In a distributed environment with two servers (A and B), the first request may create a session on server A, but a subsequent request routed to server B cannot find the corresponding session, leading to loss of cart data.
One possible fix is to store the entire session on the client by placing it in a cookie, but this exposes data and is limited by size and security concerns.
Another approach is session replication, where each server copies its session to the other; however, this consumes memory heavily when many servers are present in the same subnet.
Using sticky sessions with Nginx ip_hash binds a client to a specific server, avoiding inconsistency, but if the bound server fails the session is lost.
The most common enterprise solution is centralized session management: all sessions are stored in a shared store such as Redis, and Spring provides spring‑session to handle session consistency across servers.
Spring Session offers an API that transparently replaces the standard HttpSession , supporting Redis, MongoDB, MySQL, etc., and adds a SessionRepositoryFilter that wraps requests with SessionRepositoryRequestWrapper so that calling getSession() interacts with the external store.
Step 1 – Add dependencies :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>Step 2 – Configure Redis :
spring:
redis:
database: 0
host: localhost
port: 6379
password:
session:
store-type: redisStep 3 – Use the session in code :
public String sessionTest(HttpServletRequest request) {
HttpSession session = request.getSession();
session.setAttribute("key", "value");
return session.getAttribute("key").toString();
}In Redis each session is stored as three keys: one for the session ID (a Set), one for the session data (attributes, timestamps, etc.), and one placeholder key that only triggers expiration handling.
Spring Session also creates expiration keys like spring:session:sessions:expires:{sessionId} and runs a minute‑level scheduled task that queries spring:session:expirations:{timestamp} to proactively trigger Redis expiration events.
The article concludes with a reminder to like, share, and follow the author’s public account for additional PDFs and community discussions.
Code Ape Tech Column
Former Ant Group P8 engineer, pure technologist, sharing full‑stack Java, job interview and career advice through a column. Site: java-family.cn
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.