This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

how to maintain a session if required between edge and backend system.

Posted on 05-05-2017 03:12 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Is there a way to manage a session between apigee edge and back end system between multiple request which goes through apigee edge platform to backend.

Solved Solved
3 4 1,650
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Will add to what @sudheendra suggests.

Yes. Keep it stateless, as much as possible. If you can't, I suggest a few options:

  • Leverage JWT claims to store non-sensitive data. That way you can pass the token id around to third-party systems and remove the dependency on a server.
  • Maintain state on the server-side.
    • By associating attributes to access token. OAuth policy supports this feature.
    • Keep state on the server with KVMs or cache leveraging cookies. Not a big fan of this one, but I've been on projects where this was required.
  • Maintain sessions on the client side.
    • Leverage browser local storage. I'm an advocate of this one for many use cases.By using client-side sessions, your backend can scale as it won't have to keep track of any state. A cluster of thousands of microservices can receive your requests without the need of tracking sessions on the server side. And the best part is that it can be secure. Take a look at Using secure client-side sessions to build simple and scalable Node.JS applications to learn more.

Let us know your thoughts!

View solution in original post

Jump to Solution
4 REPLIES 4
Top Solution Authors
View all