Solving Distributed Session Issues in Microservices with Spring Session and Redis
This article explains the challenges of distributed session management in microservice architectures and presents four solution approaches, focusing on a Java implementation using Spring Session with Redis, including dependency setup, configuration, login logic, controller handling, and verification through testing.
When multiple microservices are deployed behind an Nginx load balancer, user login information stored in the session of one Tomcat instance is not shared with other instances, causing repeated login prompts; this is the distributed session problem.
Solution approaches:
Session replication
Front‑end storage (e.g., cookies)
Session sticky (affinity)
Backend centralized storage (e.g., Redis)
1. Add Maven dependencies for Redis and Spring Session:
<!--Redis-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!--commons-pools2 object pool-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<!--spring session-->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>2. Redis configuration (application.yml):
spring:
redis:
host: localhost
port: 6379
database: 0
connect-timeout: 10000ms
lettuce:
pool:
max-active: 8
max-wait: 10000ms
max-idle: 200
min-idle: 53. Business logic – login implementation using Spring Session:
/**
* 登录功能
*/
@Override
public RespBean doLogin(LoginVo loginVo, HttpServletRequest request, HttpServletResponse response) {
String username = loginVo.getUserName();
String password = loginVo.getPassword();
User user = userMapper.selectByUserName(username);
if (user == null) {
throw new GlobalException(RespBeanEnum.LOGIN_ERROR);
}
if (!MDUtils.formPassToDBPass(password, user.getSalt()).equals(user.getPassword())) {
throw new GlobalException(RespBeanEnum.LOGIN_ERROR);
}
String ticket = UUIDUtil.uuid();
request.getSession().setAttribute(ticket, user);
CookieUtil.setCookie(request, response, "userTicket", ticket);
return RespBean.success();
}4. Controller – retrieving user information from Redis:
@RequestMapping("/toList")
public String toList(HttpSession session, Model model, HttpServletRequest request, HttpServletResponse response) {
String ticket = (String) redisTemplate.opsForValue().get("userTicket");
if (StringUtils.isEmpty(ticket)) {
return "login";
}
User user = userService.getUserByByCookie(ticket, request, response);
if (user == null) {
return "login";
}
model.addAttribute("user", user);
return "goodsList";
}After deploying the application, the login test shows that the session data is stored in Redis, and subsequent requests retrieve the user information correctly, confirming that the distributed session problem is solved.
In summary, using Spring Session with Redis provides a secure, horizontally scalable solution for distributed session management in microservice systems, while other approaches such as session replication, front‑end storage, or sticky sessions have trade‑offs in performance, complexity, and security.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.