- Sessions require: fast reads/writes (every authenticated request needs session verification), TTL-based expiration (automatic logout after idle time), and no need for long-term persistence.
- Redis is a perfect fit: O(1) GET/SET, native TTL support (`SETEX session:abc123 3600 '{userId:1,...}'`), and in-memory storage for sub-millisecond latency.
- Compared to a database: querying the DB per request adds 1-10ms; databases lack native TTL; a background job is needed to clean up expired sessions.

Implementation pattern:

```bash
# Login: create session
SET session:{token} {json_data} EX 86400
# Verify: read session
GET session:{token}
# Logout: delete session immediately
DEL session:{token}
# Extend: renew TTL when user is active
EXPIRE session:{token} 86400
```

With Sentinel/Cluster: sessions remain available even when a node fails. Note: do not store sensitive data in session JSON — only store user_id and roles; retrieve sensitive data from the DB on demand.

Express.js connect-redis and Next.js iron-session both support Redis as a session backend.