-1

I have several separated Spring Boot microservices. Sessions are created separately for every microservice (and their instances). I have Spring Session involved, that helps with creating a single session for any number of instances of a microservice, which is helpful. I am wondering is it possible to share the common single session somehow for the bunch of these microservices and their instances upon a login into a dedicated auth module, for example. Without any oauth, sso and additional software, simply sharing a session among them?

Alec
  • 352
  • 1
  • 5
  • 16
  • If you share the sessionid through cookies or headers (which is also explained int he documentation of Spring Session). – M. Deinum Apr 26 '22 at 05:52

1 Answers1

0

A reverse proxy, e.g. Nginx, in front of all micro services establishes session with a user’s browser and passes session header with each request from the browser to the micro services.

Delta George
  • 2,560
  • 2
  • 17
  • 11
  • 1
    Tried this. Had to setup location /app1 { proxy_pass http://localhost:8080/app1; proxy_pass_request_headers on; } location /app2 { proxy_pass http://localhost:8180/app2; proxy_pass_request_headers on; } but it did not help. Every app requires its own login – Alec Apr 26 '22 at 07:17
  • 1
    Now your requests are pre-authenticated and you can remove existing session setup in the micro-services. You can simply use sessionId from the proxy to create/access session data in Redis or elsewhere. However, the heavy lifting of session creation now has to be done in the proxy. – Delta George Apr 26 '22 at 07:53
  • The only idea is to utilize a common header behing the Nginx proxy and authenticate other microservices against a dedicated auth microservices, establishing for him a single session responsibility – Alec Apr 27 '22 at 15:14
  • There is a downside to a shared sessionId - any service can call any service using this sessionId. – Delta George Apr 27 '22 at 15:35