I am trying to setup an control server application with Spring-JPA back-end and Restful web services to expose the back-end methods. My user sessions and authentication/authorization has to be handled through the back-end control server. The entire application has to be setup in clustered environment with user session replication.
I'm not able to figure out which mechanism to use to store the sessions, since the Restful Web services are stateless. I will generate a unique session token for each user session and store the session token and user attributes map as key-value pairs.
I cannot use static Maps and ServletContext to store the user session because the session replication is not possible.
One alternative is to store the user session in the Database.
Please suggest me if there is any other way by which this is possible.
Thanks, Hari
You probably can use Cookies to store/read the session attributes. Other alternative might be to set them as URL parameters (if feasible).
on separate note, idea to store the session in DB and pass the session id across requests sounds like good plan.