Bboss Session sharing schema
Bboss session sharing features
Function: provides unified session management for applications and avoids session loss when the load balancer switches nodes in a clustered deployment.
Cross-domain: shares sessions across domains and enables SSO, solving the five major technical challenges of session sharing: session data serialization, session stickiness, cross-domain and cross-application session sharing, cross-container (Tomcat, Jetty, WebLogic) session sharing, and consistency of SSO single sign-on and single logout.
Storage: uses MongoDB to store session data and modifies session attributes incrementally, which is simple and efficient.
Serialization: session data is serialized in XML format with the Bboss serialization mechanism, which is readable and easy to monitor; serialization plug-ins are supported, so it is highly extensible.
Specification: follows the Servlet 2/3 specification and integrates seamlessly with existing application systems, with no or only minimal modification of the application code. Session listeners should follow the Bboss session sharing specification, so the original container session listeners should be migrated to the Bboss session sharing implementation. If you modify object data held in the session, you must call the session.setAttribute method to write the updated object data to MongoDB so that the updated data is shared with other applications.
Compatibility: cross-container, compatible with the industry-leading application servers (Tomcat, WebLogic, WebSphere, Jetty). Both container session management and the Bboss session management mechanism are supported, and an application can switch freely between them as needed.
Constraints: none. No session stickiness is required, client requests can be distributed evenly across the cluster nodes, and layer 4 and layer 7 load balancing with LVS, HAProxy and nginx is supported.
Security: the client stores the session ID in a cookie. Setting the cookie's HttpOnly attribute prevents XSS from stealing the session ID, and setting the Secure attribute in combination with HTTPS prevents the session ID from being stolen in transit.
Management: session statistics queries, online user statistics queries per application, and session management per application (including deleting sessions and viewing session attribute data).
Advanced: two session sharing modes are available.
Mode one: inter-cluster session sharing, which shares sessions between the nodes of the same application cluster. This mode avoids session loss when a failure causes requests to be switched to another server, and it also lets user requests be distributed evenly across the servers, achieving true load balancing.
Mode two: cross-domain, cross-application session sharing between different applications under the same domain name or the same root domain (different subdomains), enabling single sign-on (SSO) between them.
Mode one is relatively simple. Mode two is slightly more complex to configure, and it lets you define flexibly which session data is shared between applications and which data is kept as application-private session data that is not shared with other applications (this is useful in practice). By default, all session data is shared between applications.
In a real-world environment, mode one and mode two are used together: each application is itself deployed as a cluster (with inter-cluster session sharing enabled), and single sign-on between different applications is enabled with the cross-domain, cross-application mode (provided they use the same domain name or have the same root domain).
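The Specification item in the feature list requires calling setAttribute again after modifying an object held in the session. The following is an added illustration, not Bboss code: NodeSession and SHARED_STORE are hypothetical stand-ins for one node's session and the MongoDB collection, and copying on read and write stands in for serialization. It shows a role revoked on one node remaining visible on another node until the write-back happens.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration, not Bboss code. SHARED_STORE is a hypothetical stand-in
// for the MongoDB session collection; values are copied on every read and
// write to mimic serialization into an external store (an assumption).
public class SetAttributeWriteBack {
    static final Map<String, List<String>> SHARED_STORE = new HashMap<>();

    // Hypothetical minimal session: one instance per cluster node, same id.
    static class NodeSession {
        private final String id;
        NodeSession(String id) { this.id = id; }

        void setAttribute(String name, List<String> value) {
            SHARED_STORE.put(id + "/" + name, new ArrayList<>(value)); // write a copy
        }

        List<String> getAttribute(String name) {
            List<String> stored = SHARED_STORE.get(id + "/" + name);
            return stored == null ? null : new ArrayList<>(stored);   // read a copy
        }
    }

    public static void main(String[] args) {
        // Constructed session id, seen by two nodes of the same cluster.
        NodeSession nodeA = new NodeSession("constructed-session-id");
        NodeSession nodeB = new NodeSession("constructed-session-id");

        nodeA.setAttribute("roles", List.of("user", "admin"));

        // Node A revokes a role by mutating the object it got from the session.
        List<String> roles = nodeA.getAttribute("roles");
        roles.remove("admin");

        // Without a write-back the shared store, and so node B, is unchanged.
        System.out.println("B before write-back: " + nodeB.getAttribute("roles"));

        // Calling setAttribute again publishes the change to the shared store.
        nodeA.setAttribute("roles", roles);
        System.out.println("B after write-back:  " + nodeB.getAttribute("roles"));
    }
}
```

For security-relevant attributes such as roles or login state, a missing write-back means other nodes and other applications keep acting on the old value.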
Two session sharing modes (the applications must use the same domain name or have the same root domain; across different root domains, the Bboss unified token system can be used for SSO)
Bboss session object MongoDB storage structure
Shared session storage structure between single application cluster nodes
Shared session storage structure across domains for different applications
Bboss Session Sharing schema