Question:
I have the following scenario:
- a nodejs application that saves the session on redis.
- another spring q application also saves the session in redis.
I would like to share this same session between the two applications. I thought of the following way to do this (I don't know if it's correct), rewrite the http filter modifying the way it assembles the session, I found two classes that I think I should rewrite: SessionRepositoryFilter and RedisOperationsSessionRepository.
Am I on the right path, or would I have a simpler way to solve my problem?
Answer:
Solution
We set up the environment as follows:
- nginx as load balancer and reverse-proxy, it intercepts any request and redirects to url /auth, where there is an application just for authentication that returns 200 if the user is authenticated and redirects to the original url, if not authenticated it returns the error 401 and nginx redirects to login page;
- node and spring application only accepts nginx requests to prevent unauthorized access.
So far we haven't had any major problems working this way, but we're still validating and seeing alternatives.