Sessions in a Microservice architecture for an E-Commerce system

Question

I plan on developing a microservice E-Commerce system as proof of concept. The architecture consists of 3 components:

• a javascript based single page application, which sends AJAX requests to

• a server (API Gateway) with a REST API which feeds JSON data received by calling other services

• 3 services: CatalogProvider, CustomersProvider, CheckoutProvider

For now the services all are API endpoints of a Magento Shopsystem.

When I try to log in a user into they Magento system by sending a request to the REST Api obviously the server doesn't remember the session when sending the next request.

Also I handle the shopping cart on the server side with Magento and add/update/remove items by REST Api calls. Here, also the added items get lost when sending the next request as the session got lost.

So my question is:

What are possible approaches to solve issues regarding session handling in a microservice architecture?

Answer 1

What about creating one more microservice - SessionProvider ? The service will be responsible for creating and save session states and variables, every session will be identified by unique session id, other services may interact with the SessionProvider through this id.

Answer 2

if u are using jvoid which is a project of schgoni (magento's owner) it create session id and stores it inside mysql and it has already builtin spring security module

For microservice authentication i oauth2 based security architecture would be better i think.Using oauth tokens at rest calls would solve auth problem

Answer 3

You can maintain user states into table.

When users login create one unique id and store it into table with current time stamp and client IP, In client side create key value pair and store it into cookies. Use it as a session.

You have many things now to check user existence.

Answer 4

I suggest that you look at token based authentication.

In addition, JSON Web tokens could also be of interest to you.