API-M and sticky session

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

API-M and sticky session

Nicolas Maujean
hi,

   I woud like to understand why nginx plus is needed to manage wso2 api in active-active whereas we could install the sticky module of nginx ?


   If my service or stateless, the sticky session is needed

best regards,

Nicolas Maujean

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: API-M and sticky session

tharindu1st
Hi Nicolas,

The sticky session in API MAnager is needed to manage the following aspects.

1. In all UI components, it needs to manage to keep session affinity for keep session with the same instance
2. For all Admin Service Calls which use to validate tokens, Create APIS, etc between nodes. it uses a session for not to re-authenticate with servers.
3. In Gateway Component it does not need to have session affinity for the services you expose as rest API whereas you do not use any session related data.

Thanks




On Fri, Sep 14, 2018 at 3:45 PM Nicolas Maujean <[hidden email]> wrote:
hi,

   I woud like to understand why nginx plus is needed to manage wso2 api in active-active whereas we could install the sticky module of nginx ?


   If my service or stateless, the sticky session is needed

best regards,

Nicolas Maujean
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


--
Tharindu Dharmarathna
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94779109091

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Tharindu Dharmarathna
Associate Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94779109091
Reply | Threaded
Open this post in threaded view
|

Re: API-M and sticky session

Nicolas Maujean
Hi Tharindu,

   Thank you for your feedback. 

Some More questions :
- Why don’t use the sticky module of nginx which is free but nginx plus ?
- why validate tokens ? With share folder, tokens is not shared ?
- I don’t understand for UI components, can you provide me an example ?

Best regards,

Nicolas Maujean



Le dim. 16 sept. 2018 à 10:53, Tharindu Dharmarathna <[hidden email]> a écrit :
Hi Nicolas,

The sticky session in API MAnager is needed to manage the following aspects.

1. In all UI components, it needs to manage to keep session affinity for keep session with the same instance
2. For all Admin Service Calls which use to validate tokens, Create APIS, etc between nodes. it uses a session for not to re-authenticate with servers.
3. In Gateway Component it does not need to have session affinity for the services you expose as rest API whereas you do not use any session related data.

Thanks




On Fri, Sep 14, 2018 at 3:45 PM Nicolas Maujean <[hidden email]> wrote:
hi,

   I woud like to understand why nginx plus is needed to manage wso2 api in active-active whereas we could install the sticky module of nginx ?


   If my service or stateless, the sticky session is needed

best regards,

Nicolas Maujean
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



--
Tharindu Dharmarathna
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94779109091
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: API-M and sticky session

Pubudu Gunatilaka-2
Hi Nicolas,

Please find the answers.

1. If you just download the Nginx, you won't get the sticky sessions module in there. But with Nginx Plus you can get the sticky session module. Also if you compile the Nginx source code, then you get a chance to include the sticky session module. 

2. We have OAuth2 by default and GW does the key validation call to the Key manager. The current implementation does not support to share the tokens as we share folders. You can use JWT tokens which are self-contained access tokens. This is supported in APIM 2.5.0 API microgateway.

3. In apps, we maintain Jsession cookie for UI apps. For an example, let's consider you have fronted the publisher app with an LB. When you login to the publisher app, it goes to the publisher node 1 where you enter the credentials. When the login call is successful, the user should redirect to the API listing in the publisher node. If you haven't set the Jsession cookie in the LB, you will redirect to the publisher node 2 due to the round-robin behavior. As the publisher node 2 does not have the valid session for the user as the Jsession cookie is not found, the user will redirect to the login page again. When you enable Jsession cookie in LB, it will always point the user to the same publisher node.

Thank you!

On Sun, Sep 16, 2018 at 2:46 PM Nicolas Maujean <[hidden email]> wrote:
Hi Tharindu,

   Thank you for your feedback. 

Some More questions :
- Why don’t use the sticky module of nginx which is free but nginx plus ?
- why validate tokens ? With share folder, tokens is not shared ?
- I don’t understand for UI components, can you provide me an example ?

Best regards,

Nicolas Maujean



Le dim. 16 sept. 2018 à 10:53, Tharindu Dharmarathna <[hidden email]> a écrit :
Hi Nicolas,

The sticky session in API MAnager is needed to manage the following aspects.

1. In all UI components, it needs to manage to keep session affinity for keep session with the same instance
2. For all Admin Service Calls which use to validate tokens, Create APIS, etc between nodes. it uses a session for not to re-authenticate with servers.
3. In Gateway Component it does not need to have session affinity for the services you expose as rest API whereas you do not use any session related data.

Thanks




On Fri, Sep 14, 2018 at 3:45 PM Nicolas Maujean <[hidden email]> wrote:
hi,

   I woud like to understand why nginx plus is needed to manage wso2 api in active-active whereas we could install the sticky module of nginx ?


   If my service or stateless, the sticky session is needed

best regards,

Nicolas Maujean
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



--
Tharindu Dharmarathna
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94779109091
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


--
Pubudu Gunatilaka
Committer and PMC Member - Apache Stratos
Senior Software Engineer 
WSO2, Inc.: http://wso2.com
mobile : <a href="tel:%2B94772207163" value="+94772207163" style="font-size:x-small;color:rgb(17,85,204)" target="_blank">+94774078049


_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: API-M and sticky session

Nicolas Maujean
Thank you !

Le ven. 21 sept. 2018 à 10:35, Pubudu Gunatilaka <[hidden email]> a écrit :
Hi Nicolas,

Please find the answers.

1. If you just download the Nginx, you won't get the sticky sessions module in there. But with Nginx Plus you can get the sticky session module. Also if you compile the Nginx source code, then you get a chance to include the sticky session module. 

2. We have OAuth2 by default and GW does the key validation call to the Key manager. The current implementation does not support to share the tokens as we share folders. You can use JWT tokens which are self-contained access tokens. This is supported in APIM 2.5.0 API microgateway.

3. In apps, we maintain Jsession cookie for UI apps. For an example, let's consider you have fronted the publisher app with an LB. When you login to the publisher app, it goes to the publisher node 1 where you enter the credentials. When the login call is successful, the user should redirect to the API listing in the publisher node. If you haven't set the Jsession cookie in the LB, you will redirect to the publisher node 2 due to the round-robin behavior. As the publisher node 2 does not have the valid session for the user as the Jsession cookie is not found, the user will redirect to the login page again. When you enable Jsession cookie in LB, it will always point the user to the same publisher node.

Thank you!

On Sun, Sep 16, 2018 at 2:46 PM Nicolas Maujean <[hidden email]> wrote:
Hi Tharindu,

   Thank you for your feedback. 

Some More questions :
- Why don’t use the sticky module of nginx which is free but nginx plus ?
- why validate tokens ? With share folder, tokens is not shared ?
- I don’t understand for UI components, can you provide me an example ?

Best regards,

Nicolas Maujean



Le dim. 16 sept. 2018 à 10:53, Tharindu Dharmarathna <[hidden email]> a écrit :
Hi Nicolas,

The sticky session in API MAnager is needed to manage the following aspects.

1. In all UI components, it needs to manage to keep session affinity for keep session with the same instance
2. For all Admin Service Calls which use to validate tokens, Create APIS, etc between nodes. it uses a session for not to re-authenticate with servers.
3. In Gateway Component it does not need to have session affinity for the services you expose as rest API whereas you do not use any session related data.

Thanks




On Fri, Sep 14, 2018 at 3:45 PM Nicolas Maujean <[hidden email]> wrote:
hi,

   I woud like to understand why nginx plus is needed to manage wso2 api in active-active whereas we could install the sticky module of nginx ?


   If my service or stateless, the sticky session is needed

best regards,

Nicolas Maujean
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



--
Tharindu Dharmarathna
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94779109091
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


--
Pubudu Gunatilaka
Committer and PMC Member - Apache Stratos
Senior Software Engineer 
WSO2, Inc.: http://wso2.com
mobile : <a href="tel:%2B94772207163" value="+94772207163" style="font-size:x-small;color:rgb(17,85,204)" target="_blank">+94774078049

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture