Module 4 - Scaling
Session Management
How to track user sessions in a distributed system.
1The Wristband Analogy
Simple Analogy
At a theme park, you get a wristband at entry. It proves you paid and tracks your preferences. Staff check your band-they don't remember you personally. That's session management.
Session management tracks user state across multiple requests. The challenge: doing this across multiple servers.
2Session Storage Options
Server Memory
Single server onlyFast but lost on restart. Can't scale horizontally.
Sticky Sessions
Simple appsLoad balancer routes user to same server. Limited scaling.
Centralized Store (Redis)
Production appsAll servers share session store. Most scalable.
JWT (Client-Side)
APIs, microservicesToken contains session data. Server is stateless.
Database
E-commerce cartsPersistent but slower. Good for long-lived sessions.
3Comparison
| Method | Scalable | Stateless | Revocable |
|---|---|---|---|
| Server Memory | No | No | Yes |
| Redis | Yes | No | Yes |
| JWT | Yes | Yes | Hard |
| Database | Yes | No | Yes |
4JWT vs Server Sessions
JWT
- ✓ Stateless-no server storage
- ✓ Works across microservices
- ✗ Can't revoke until expiry
- ✗ Token can grow large
Server Sessions (Redis)
- ✓ Easy revocation
- ✓ Small cookie (just ID)
- ✗ Requires shared store
- ✗ Extra lookup per request
5Key Takeaways
1Server memory sessions don't scale
2Redis is the standard for distributed sessions
3JWT enables stateless auth but hard to revoke
4Use short-lived JWTs + refresh tokens for security
5Choose based on revocation needs vs statelessness
?Quiz
1. User logs out. How do you invalidate their JWT?
2. Best session store for horizontally scaled app?