BestHub
Sign in
Backend Development 10 min read

Ensuring Session Consistency in Distributed Java Apps with Spring Session & Redis

This article explains why traditional session handling fails in distributed environments, compares client‑side storage, session replication, sticky sessions, and centralized management, and provides a practical guide to implementing reliable session consistency using Spring Session with Redis, including configuration and code examples.

macrozheng
macrozheng
macrozheng
Ensuring Session Consistency in Distributed Java Apps with Spring Session & Redis

I discovered a shopping site where items can be added to the cart before logging in; when attempting to checkout, the user is forced to log in first.

Most modern e‑commerce platforms require users to log in before adding items to the cart, establishing a binding relationship among user, cart, and product.

In the initial scenario, the process relies on

session

. When the client adds the first item, the server creates a

session

and returns a

JessionId

stored in a cookie. Subsequent requests carry this

JessionId

, allowing the server to retrieve and update the same

session

. The default session timeout is 30 minutes; closing the browser invalidates the cookie, causing the

JessionId

to be lost.

In a distributed environment, sessions become problematic. If two servers A and B are deployed, the first request may hit server A, creating a

session

and returning a

JessionId

. A later request may hit server B, which cannot find the corresponding

session

for that

JessionId

, leading to loss of the previously added item.

To achieve session consistency in distributed systems, several strategies are discussed:

1. Client‑Side Storage

Storing the entire session in a cookie guarantees consistency across servers, but it exposes data to the client and is limited by cookie size and security concerns.

Drawbacks:

Security risks

Cookie size and data type limitations

2. Session Replication

Copying sessions between servers (e.g., from A to B and vice‑versa) keeps them synchronized. Web containers like Tomcat support session replication within the same LAN, broadcasting sessions to other nodes.

Drawbacks:

When many servers exist in the same subnet, each server replicates sessions, leading to memory waste.

3. Session Sticky (IP Hash)

Using Nginx reverse proxy with an

ip_hash

load‑balancing strategy binds a client to a specific server, ensuring subsequent requests go to the same server and avoiding session inconsistency.

Drawbacks:

If the bound server fails, the client’s session is lost.

4. Centralized Session Management

All sessions are stored in a centralized store such as Redis. Spring provides

spring-session

to handle session consistency across multiple instances.

5. Spring Session Practical Implementation

Spring Session offers an API and implementations for managing user sessions, supporting Redis, MongoDB, MySQL, etc., and integrates transparently with

HttpSession

.

It adds a

SessionRepositoryFilter

that wraps requests with

SessionRepositoryRequestWrapper

; calling

getSession()

invokes the Spring Session implementation.

Step 1: Add Spring Session and Redis dependencies:

<code>&lt;dependency&gt;
    &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
    &lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt;
&lt;/dependency&gt;

&lt;dependency&gt;
    &lt;groupId&gt;org.springframework.session&lt;/groupId&gt;
    &lt;artifactId&gt;spring-session-data-redis&lt;/artifactId&gt;
&lt;/dependency&gt;

&lt;dependency&gt;
    &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
    &lt;artifactId&gt;spring-boot-starter-data-redis&lt;/artifactId&gt;
&lt;/dependency&gt;

&lt;dependency&gt;
    &lt;groupId&gt;org.apache.commons&lt;/groupId&gt;
    &lt;artifactId&gt;commons-pool2&lt;/artifactId&gt;
&lt;/dependency&gt;</code>

Step 2: Configure Redis connection and enable session storage:

<code>spring:
  redis:
    database: 0
    host: localhost
    port: 6379
    password:
  session:
    store-type: redis</code>

Step 3: Use the session in code:

<code>public String sessionTest(HttpServletRequest request) {
    HttpSession session = request.getSession();
    session.setAttribute("key", "value");
    return session.getAttribute("key").toString();
}</code>

In Redis, each session stores three keys: a Set containing the session ID with a timestamp, a hash with detailed session data (attributes, last accessed time, expiration), and a key representing the session’s expiration.

Redis can trigger expiration events either when a key is accessed after expiry or via a background scan. Spring Session adds a scheduled task that queries

spring:session:expirations:{timestamp}

each minute, accesses the corresponding session ID, and forces Redis to emit a timely expiration event.

Reference

https://www.cnblogs.com/sxw123/p/13803478.html

distributed systemsRedisSession Managementspring sessionJava backend
macrozheng
Written by

macrozheng

Dedicated to Java tech sharing and dissecting top open-source projects. Topics include Spring Boot, Spring Cloud, Docker, Kubernetes and more. Author’s GitHub project “mall” has 50K+ stars.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment