We are running 4 instances of tomcat server in 2 geo-locations with DNS-based load balancer. We are providing some export services which tasks require a lot of time to complete. So the user typically submits a request to one of our servers and that is responsible for whole processing.
The problem shows up when the user is later requesting for progress information on a randomly chosen instance.
I was thinking about sharing progress information across all instances such as a spring authentication is shared using Redis. I've tried to use spring session bean with aop proxy for sharing progress information, but it seems to be a bad idea. I did some research and debugging that shows the bean is stored in Redis and can be accessed by all instances, but the state is no longer updated. I believe that's because the thread is not able update session information after the original request is return to caller.
Another solution I could think of, is to use our MySQL database for storing such information, but i'm afraid of huge overload caused by continual updating of progress information.
Any ideas to solve my issue?
Thanks in advance,
Michal
OK, I've finally resolved my issue. I was thinking hard about persisting a progress information in session, that was not available when processing an asynchronous task, and I've completely overlooked the fact it is not a good idea:-)
My new solution is as simple as it could be. The unique task id is generated when user requests for task processing and returned to client. Progress information is continuously updated in redis under defined task key, so that the task id could be later used when client is requesting a task state. There is no need for using session because the redis instances are synchronized by replication itself.
Thanks everyone for comments!
Regards,
Michal
Related
I have two war files such as war1 and war2
If am login the application, the session will be created in war1 and from that if am navigate to war2, there i need the same session data.
I tried crossContext=true in context.xml of server from that i can access the data by storing it in servletContext.
But the issue is once i logined the screen in chrome the session data will be stored in servletContext and the data will maintain till the application is running.
If am giving the same URL in another browser like IE here also, i can get the servletContext data so instead of navigate to login page the corresponding screen will be opened
Kindly suggest me how can i overcome this issue in java?
Is there any way to findout browser switching or incognito window mode of the browser in java?
Note: am using tomcat server
I have never dealt with your exact configuration problem, but even if you can make this work on a single Tomcat instance, you might have problems should your two web applications ever be distributed across multiple Tomcat instances.
So, I am going to suggest that you actually use a database to store state which needs to be passed between the two applications in a safe and reliable way. Note that the database approach also scales nicely in a distributed environment, so long as you have a single logical database.
While session replication indeed can be done in Tomcat (see here) I really suggest you to avoid this type of issues by eliminating the session altogether.
This session replication is an approach that was somewhat common before ~15-10 years, but nowadays when we have a lot of servers running in parallel to serve user requests and have elastic clusters, this approach is not good enough because basically it doesn't scale well.
There are many ways to achieve what you want, though:
Use a shared database to store the session information. Add some session Id to the response and require the client to pass this id back into all subsequent request along the session. Then execute a query to the Database by this Id and retrieve all the session information.
This solution also doesnt really scale well, but then you can shard the session information if the db permits to do so...
Use Redis/Aerospike to save the session information of the currently connected user. somewhat like DB approach, but since redis run in-memory it will be much faster. In general, this approach can be used in conjunction with 1 where redis is an in-memory cache.
Encrypt the session information or even just sign cryptographically and send back to client. Client will have to supply this information along with the request without knowing which server will actually serve this request.
Without delving into cryptography I'll just state that encryption can be done if you don't want client to see the session information (despite the fact that this is the user whose information is supplied) and signature is used to prevent tempering the data (while sending it back to server).
The data can be supplied to server from client via Header or cookie for instance.
I have the following situation, i have a microservice architecture with an api gateway and multiple downstream services, some of these have an independent session and this causes my system to throw expired session exception on random service calls.
Since we cannot rewrite these services from scratch we started by introducing hazelcast so that all services can share the same session.
the problem now is that when a service writes an object of a class that other services don't have in their classpath a deserialization exception is thrown.
to solve this i was thinking that if only the attributes that get accessed from a service get deserialized i could probably avoid the exception and everything should work fine.
Do you know if this is at all possible with spring session, or maybe can suggest another solution that would allow me solve the initial problem?
here is a sample project to reproduce my problem: https://github.com/deathcoder/hazelcast-shared-session
I believe I got what's happening: Spring-Session-Hazelcast by default store session updates locally until request completed & when request completed, before returning the response, send everything to the cluster using EntryProcessor. EntryProcessor requires object classes available on the member who stores that session record and since data is distributed, it's possible some other member stores a session created in another instance. According to what you're saying, not all nodes are identical, don't contain all classes & this causes serialization exception.
What you can do, you can use User Code Deployment feature to deploy those missing classes to other members: https://docs.hazelcast.org/docs/3.11/manual/html-single/index.html#member-user-code-deployment-beta
If you're changing object that you're storing in the session, you can set class-cache-mode to OFF to prevent not caching them but sending with each operation.
Please try & let me know if this solves your problem.
I would try to avoid sessions in the API layer in the first place. They scale poorly. And synchronizing sessions is even less scalable.
Try using access tokens instead, for example a JWT token. A token should contain enough user identity information to load the resources necessary to process the transaction (the resources can be cached).
As for the other state in the session - microservices are self-contained from the process perspective, so all intermediate results should be persisted to the database. But of course I don't know the details of your particular application, so this is just a general thought.
I know I don't have any code to show you guys, I am stuck at some point and I dont know where to start. I hope someone will help me.
I am developing a Spring MVC application, and I need to send a message to all active session users to execute a script which is available to all the clients as it is defined in a js file and included for every user.
I have looked around and found some frameworks which offers these type of functionalities like Atmosphere but I don't think it should be used in my situation as it is a big framework and the functionality required is very little. I have also gone thorough WebSockets but I cant find anything which would help me in invoking the script on client side for all the clients.
If someone can help me go to a right path or direct me to a similar example. I will be grateful
****Update****
I can also use polling if there is way that: if the controller gets a request the session should be considered idle during that, for instance, there is controller which is called every 5 minutes and in the session out time is 30 minutes. The session won't expire in this time if the controller used for polling is called every 5 minutes, I need to exclude the particular controller from calculating the idle time
No Polling Solution:
From what I gather, you need a Remote Procedure Call mechanism.
I would go with https://github.com/eriksank/rpc-websocket.
The general idea:
Your clients register themselves to your server process as "consumers".
When a message is ready, your server then goes through every registered "consumer" and sends the message which rpc-websocket can handle .
Polling Solution:
Here is a general idea, works if you have registered, logged on users.
Have a database table that stores messages, lets call it "messages".
Have a database table that keeps track of messages and users, lets call it "message_tracker". if a user has seen a message, there will be a row in this table for the messageId and UserID.
Have a javascript script poll a server url for new messages. What is a new message can be decided based on the database tables above.
If a new message is found, process it and then call another server url which inserts into the message_tracker database table
I'm trying to fully understand when/how to use CloudBees' notion of application session stores.
After reading that article, my understanding of them is that they provide a way to make multiple instances of your appserver share persistent session variables. That way, you can load balance between each server, and it doesn't matter which instance your user gets redirected to; each server instance has the same shared session states (for all users).
So first, if my understanding is incorrect or slightly misinformed, please begin by correcting me!
Assuming I am more or less correct, then I have the following questions:
How does this hurt performance or memory utilization? I would imagine that if each server has to share the same cached session data for all users, it would get kind of bulky and perhaps even pricy...
Is there a way to programmatically CRUD session states (i.e. flush the cache, inspect it with JMX, etc.)?
Can someone provide a concrete use case for this feature, just so I'm positive I "get it"?
Thanks in advance!
Session store let you replicate the HttpSession around the cluster, so that you can scale-out application load on multiple instances, without having to stick a user to a specific server (this is the other option you can use : configure sticky session)
By nature, serializing HttpSession data has some impacts on performance, but as it uses a memcache backend this is minimal. This also mostly depends on the amount and size of objects you store in user session. Also, please note this require you explicitly put object in HttpSession after any attribute change, even the object was retrieved from session - this is a general API issue with JavaEE clustering.
You can't programmatically query the session store (you could with the adequate memcache client code, but this doesn't make much sense)
Two concrete use cases
application distributed on multiple nodes, with session distributed around the cluster, and without sticky session so that load is actually distributed for ALL user
Application te be redeployed can't suffer user session to be lost, to ensure a continuous 0 downtime service. version N+1 application will then retrieve httpsession data from version N, need to be compatible from serialization point of view, but connected user won't notice the redeployment and version upgrade
Assume I have 2 OSGi services. One of them is memory cache of DB records. Another service is set of CRUD operations on these DB records. During modification I would like to rebuild existing cache. How one service can force another be MODIFIED? Something like to send org.osgi.framework.ServiceEvent.MODIFIED event.
(please note that it is simplified example of real business case and I don't really place cache as a service)
UPDATE to make question more clear - I need exactly same function as ServiceRegistration#setProperties provides. Unfortunately ServiceRegistration should not leave bound of Bundle.
Why do you want to solve this using services?
Simply send an event using EventAdmin from the CRUD bundle that says that data is modified. So the cache can listen to these events and act accordingly. The advantage of the eventing solution is that the crud service does not really have to know there is a cache it just sends the event to whoever is interested.
Please, please don't try to do this.
Only the provider bundle for the service knows what implementation is behind it... that is why only the provider has access to the registration details.
The cache provider should detect for itself whether the underlying data has changed, and refresh the cache appropriately. No other bundle(s) can do this because they have no idea where the cache provider gets its data, they can only see the public service interface.