Session Management
1,363 views
Skip to first unread message
Joshua Fox
Oct 30, 2017, 3:30:28 AM10/30/17
to google-a...@googlegroups.com
What is the recommended way to do Session Management on Google Application Engine?
In the webapp world, the usual implementation with a session store (Redis/Memcache/RDBMS etc) that is shared by all server-instances.
So, when the Java code calls
request.getSession().setAttribute("UserName", username);A websearch shows some advice:
- Implement it yourself
- Various open-source libraries, non-standard and mostly unmaintained
I would expect a PaaS like GAE to have Session Management out-of-the-box.
This StackOverflow answer says "AppEngine uses Datastore to store the session informations and memcache for faster access" and this official documentation mentions that "Session data is always written synchronously to memcache."
But on the other hand this tutorial suggests that session management must be added to GAE.
But on the other hand this tutorial suggests that session management must be added to GAE.
How should we do Session Management?
Yannick (Cloud Platform Support)
Oct 30, 2017, 1:29:48 PM10/30/17
to Google App Engine
Hello Joshua, as written on the disclaimer in the tutorial you linked to, community tutorials submitted from the community do not represent official Google Cloud Platform product documentation. It also never states that App Engine doesn't support sessions. Additionally, that tutorial refers to App Engine Flexible while the documentation you linked to is for App Engine Standard.
Note that session support is something that is done per-runtime and per-framework, but most if not all of them include it as it is indeed a basic feature of a web server. Part of the Bookshelf tutorial deals with using sessions.
Joshua Fox
Oct 31, 2017, 6:34:21 AM10/31/17
to google-a...@googlegroups.com
Note that session support is something that is done per-runtime and per-framework,
I am asking specifically about Google Application Engine Standard Environment Java 7; and for Java 8.
but most if not all of them include it as it is indeed a basic feature of a web server. Part of the Bookshelf tutorial deals with using sessions.
Thank you. I see that that indeed supports req.getSession().setAttribute(...)
Apparently this uses the Users API, which works with Google or OAuth authentication. Does GAE Standard Env use a Session Store, accessible for all Instances, which is usable with user-authentication in general? According to this StackOverflow answer, it does not.
On Monday, October 30, 2017 at 3:30:28 AM UTC-4, Joshua Fox wrote:What is the recommended way to do Session Management on Google Application Engine?In the webapp world, the usual implementation with a session store (Redis/Memcache/RDBMS etc) that is shared by all server-instances.So, when the Java code callsthat value will be accessible for multiple requests by this browser.request.getSession().setAttribute("UserName", username);A websearch shows some advice:
- Implement it yourself
- Various open-source libraries, non-standard and mostly unmaintained
I would expect a PaaS like GAE to have Session Management out-of-the-box.This StackOverflow answer says "AppEngine uses Datastore to store the session informations and memcache for faster access" and this official documentation mentions that "Session data is always written synchronously to memcache."
But on the other hand this tutorial suggests that session management must be added to GAE.How should we do Session Management?
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/764e06ad-4d90-45bd-8bcd-e801913976a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
JOSHUA FOX
Principal Software Architect | Freightos
Smooth shipping.
Yannick (Cloud Platform Support)
Oct 31, 2017, 10:16:56 AM10/31/17
to Google App Engine
The exact technical details of session support are not publicly documented, but the appengine-web.xml Reference you pointed to before does say it stores the data on the Datastore with Memcache acting as a speed boost. That is to say it stores it in the same way you should be storing session data if you were to handle it yourself.
And no, at this time this system only supports valid Google accounts, which are gmail.com accounts or a GSuite domain's accounts.
Les Vogel
Nov 1, 2017, 9:52:49 PM11/1/17
to Google App Engine
Hi Joshua,
For App Engine Standard:
Take a look at the appengine-web.xml reference. Specifically async-session-persistence, sessions-enabled,
I'm out for 3 weeks this month, but hope to review and fix all the Java Bookshelfs in early December. If there are other areas that you think they don't meet expectations, please let me know.
Regards,
Les
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/87537ad8-948e-46cc-8e6d-4945e10604ad%40googlegroups.com.
Joshua Fox
Nov 2, 2017, 4:10:18 AM11/2/17
to google-a...@googlegroups.com
Les, thank you,
I see that it
is this accessible, as would normally be true with Java appservers, through req.getSession().setAttribute(...) even when unauthenticated? In other words, one can use this even without using the Google App Engine Users API (if we are implementing our own user management).
On Thu, Nov 2, 2017 at 3:52 AM, 'Les Vogel' via Google App Engine <google-a...@googlegroups.com> wrote:
Hi Joshua,For App Engine Standard:Take a look at the appengine-web.xml reference. Specifically async-session-persistence, sessions-enabled,I'm out for 3 weeks this month, but hope to review and fix all the Java Bookshelfs in early December. If there are other areas that you think they don't meet expectations, please let me know.Regards,Les
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/CAGB1p5gW0J1u79M4M3KNk91eTz-gNJK%3DigK5GC_vHXe52HNqPQ%40mail.gmail.com.
Les Vogel
Nov 5, 2017, 8:01:33 PM11/5/17
to Google App Engine
Yes. It separate from the Users API.
On Thu, Nov 2, 2017 at 1:09 AM, Joshua Fox <jos...@freightos.com> wrote:
Les, thank you,I see that it> stores session data in the App Engine datastore for persistence, and also uses memcache for speedis this accessible, as would normally be true with Java appservers, through req.getSession().setAttribute(...) even when unauthenticated? In other words, one can use this even without using the Google App Engine Users API (if we are implementing our own user management).
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/CAD%3DB7cOv8KXigkVJhEYmRp-3DW0R1kU%3DyCpLqZ25iVALOfxgdA%40mail.gmail.com.
Joshua Fox
May 28, 2018, 8:59:24 AM5/28/18
to google-a...@googlegroups.com, App Engine Flexible
Does Flexible Environment offer server-side-session? A quick PoC suggests that it does not.
This discussion talks about sessions for Standard Env. Documentation for configuring Standard Env says "Session data is always written synchronously to memcache". App Engine memcache does not work with Flexible Environment, so that may give some background. Documentation for configuring Flex Env says nothing about sessions.
Sessions are a basic feature of webapps and supported by standard appservers. Even with client-side sessions like JWT, the server-side session store provides essential security features.
Does Flex Env provide out-of-the-box support for a server-side session store?
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/CAGB1p5g%3DdLYDeME%2BTBV8fTBxe-JQiu2ceoVXAVUM8A-%2BhBTiSg%40mail.gmail.com.
JOSHUA FOX
Director, Software Architecture | Freightos
Reply all
Reply to author
Forward
0 new messages