Scaling a web application and making it stateless

Question

I am struggling to get my head around how to scale any sort of web application that allows a user to be log in, and depends on that user to be logged in to perform any action.

For example say I have a web application that allows a user to login, edit an addressbook of users, send messages to other users and receive messages from users.

Some advice I've received is to divide my application into services using verbs. So I would have an addressbook editing service, a message sending service, a message recieving service, and an authentication service. All of these would individually be able to be scaled horizontally, and would not share data. This would be ideal, only they must share data - the user whom is currently logged in. I can't conceptually get my head around how this would work? Should I just be sending the user ID between services and it would be implicit that is the user who is logged in? What if I want to maintain a session state with information about what the user is currently doing?

Answer 1

At some point, all the web servers have to converge somewhere. That place is typically the database cluster. Upon initial authentication, you could generate a random string and store it in the user's current list of authentication cookies in the database. Each time the cookie is passed to one of the servers, the server can check the database cluster to see which user (if any) with which the cookie is associated.

I will add that you don't necessary need a database cluster. You could have the database distributed across various sites. Some operations, however, will need to be synchronous. Generating the cookie on initial login (which won't happen too often) is one of them. Otherwise you'll have a mixture of servers that do and don't recognize the cookie.