[lucb1e]

If sessions die when your system reboots, that means you can't reboot the system (update the service) without breaking whatever any users were currently doing on your site or in your software. That does sound bad to me and like a bad fit for Redis the memory cache. (I know it can do persistence optionally but that's what the person above you was complaining about: this is not what it's good at)

Why not use a regular database for this (can be as simple as an sqlite file, depending on your needs), or the default thingy that comes with your framework or programming language? This is built into everything I've ever used, no need to reinvent session storage or overengineer the situation with jwt or some other distributed cryptographic system and key management

[citrin_ru]

> Why not use a regular database for this (can be as simple as an sqlite file, depending on your needs)

A lot of depends on the scale and load pattern (e. g. ratio of active and inactive sessions). For a small scale sqlite could be a good choice.

Storing session in a regular DB (say Postgres) could be more expensive (hardware wise) than in Redis and there are cases when the load is high enough to matter but the budged is not unlimited (to use a DB at any cost). Also redundancy with a Redis cluster is easier than with Postgres. I don't think Redis always better, but at some load patterns it is.

> or the default thingy that comes with your framework or programming language?

Default PHP session store is files in /tmp - works for a home page but if load is high it explodes (millions files in /tmp is too slow to work with).

[physicsguy]

> This is built into everything I've ever used

Ah but in trendy microservices world, it isn’t in many micro frameworks, you have to reinvent it

[lucb1e]

I didn't know what you meant so I looked up micro frameworks. Wikipedia has a page named Microframework and lists 23 examples. I don't have time to dive into each of them and most items aren't links (so not sure how relevant they are), but

- I know Flask and it has sessions

- It also lists three frameworks for PHP, which has sessions built into the language (session_start() is what I use in any project that needs a session system)

- Expressjs is one of the few others with a Wikipedia page. Looking into that, it says it requires some middleware for having sessions, which seems not only well-supported, but there is also an include from the authors of Expressjs themselves called expressjs-sessions. It's technically not in the framework, but the authors provide it and clearly keep it in mind when developing the framework so you don't have to DIY that

I can't conclude this isn't a common feature in microframeworks :p

[physicsguy]

Most of the options you're talking about are client side sessions and even then are limited. That's certainly the case in Flask, FastAPI, Starlette.

Compare that to say, Django, Laravel, etc.