Module 4 — Scaling
Stateless Services
The key to horizontal scaling. Any server can handle any request.
1. The Coffee Shop Analogy
💡 Simple Analogy
Stateful: You have a "regular order" at one barista. If they're sick, no one knows your order.
Stateless: You show your order ticket every time. ANY barista can make your drink.
Stateless means the server doesn't remember you—you bring all context with each request.
2. Why Stateless?
⚖️ Easy Scaling
Add/remove servers anytime. Load balancer routes to any available server.
🔄 Simple Failover
Server dies? No problem—other servers handle requests seamlessly.
🚀 Simple Deployment
Deploy new version to any server. No session migration needed.
📊 Better Load Distribution
Any server can handle any request. No sticky sessions needed.
3. Stateful vs Stateless
| Aspect | Stateful | Stateless |
|---|---|---|
| Server Memory | Stores user sessions, caches | No local state |
| Request Routing | Must go to same server | Any server works |
| Scaling | Complex (session migration) | Add servers instantly |
| Failure Handling | User loses session | Seamless failover |
| State Location | In server memory | External (Redis, DB) |
4. Making Services Stateless
Move all state out of the server:
| State | Move to | Notes |
|---|---|---|
| Sessions | Redis, database | session_id → user_data stored in Redis |
| Caches | Redis, Memcached | Shared cache all servers can read/write |
| File Uploads | S3, object storage | Don't store on local disk |
| Scheduled Jobs | External scheduler | Use SQS, Celery, not in-memory timers |
| User State | JWT tokens, cookies | Encode state in token, server validates |
5. JWT for Stateless Auth
Stateless Authentication with JWT
Login: Server creates JWT with user_id, roles, expiry
Store: Client stores JWT (localStorage, cookie)
Request: Client sends JWT in Authorization header
Verify: Any server can verify signature—no database lookup
JWT Trade-off
JWTs can't be invalidated until expiry. For logout/revocation, maintain a short blacklist in Redis or use short-lived tokens with refresh tokens.
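Added example (not part of the original lesson): the Login and Verify steps plus the revocation trade-off above, using only the Python standard library. It assumes HS256 with one secret shared by all servers; the function names, the sample key and the in-memory set standing in for the shared Redis blacklist are illustrative.

```python
# Added illustration; issue, verify, KEY and DENYLIST are assumed names, not from the page.
import base64, hashlib, hmac, json, time

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(key: bytes, user_id: str, roles: list, jti: str, ttl: int, now=None) -> str:
    """Login step: sign user_id, roles and expiry into an HS256 JWT."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "roles": roles, "jti": jti, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify(key: bytes, token: str, revoked: set, now=None) -> dict:
    """Verify step: needs only the shared key and the shared denylist."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        sig = b64d(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose (rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))    # parsed only after the signature checks out
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["jti"] in revoked:           # logout / revocation before expiry
        raise ValueError("revoked")
    return claims

KEY = b"constructed-demo-key-not-for-production"   # constructed sample secret
DENYLIST = set()   # stand-in for the shared Redis set of revoked token ids

def demo():
    token = issue(KEY, "user-42", ["reader"], jti="t-1", ttl=900, now=1_000)
    server_a = verify(KEY, token, DENYLIST, now=1_100)   # any server...
    server_b = verify(KEY, token, DENYLIST, now=1_200)   # ...gets the same claims
    return token, server_a, server_b
```

The denylist lookup is the one piece of shared state left in the verify path, and an entry only needs to live until the token's own expiry.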
6. Key Takeaways
1. Stateless means server stores no per-user state. All context in request.
2. Enables horizontal scaling—any server can handle any request.
3. Move state to external stores: Redis for sessions, S3 for files.
4. JWT enables stateless auth—user info encoded in token.
5. Stateless services are easier to deploy, scale, and recover.
6. Some state is unavoidable—make sure it's externalized and shared.