AWS lambda serverless website session maintaining


Solution 1

There are multiple mechanisms available in HTTP to maintain session state within web applications, such as cookies (standard HTTP header), URL parameters, URL arguments on GET requests, body arguments on POST requests, such as hidden form fields (HTML forms), or proprietary HTTP headers.

Source: Session Management Cheat Sheet

AWS Lambda has nothing to do with session management unless you want to re-invent the wheel and write Lambda functions that store/retrieve session variables from the database, in which case I'd recommend that you use Amazon Cognito for session management. See Amazon Cognito Identity SDK for JavaScript.

Solution 2

In the Amazon Cognito Identity SDK for JavaScript, check use case 16 in particular; it shows how to retrieve the current Cognito user. You can use this function to pass the current user attributes from page to page.

    var poolData = {
        UserPoolId : '...', // Your user pool id here
        ClientId : '...' // Your client id here
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
    var cognitoUser = userPool.getCurrentUser();

    if (cognitoUser != null) {
        cognitoUser.getSession(function(err, session) {
            if (err) {
                alert(err);
                return;
            }
            console.log('session validity: ' + session.isValid());
            // other AWS actions ...
        });
    }

Solution 3

Whether you use Cognito or your own way of session management, beware that Lambda calls share their runtime and share static state between them. Make sure that your design considers this fact, and architect your session sharing accordingly.

https://www.linkedin.com/pulse/does-lambda-call-share-any-commonstate-santhosh-gandhe/
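The shared-state point in Solution 3, as an added example that is not part of the original answers: two invocations served by one warm Lambda container run in the same Node.js process, so a session kept in a module-level variable is visible to the next caller. The handler names, the `sid` cookie, the event shape and the in-memory `sessionStore` (standing in for an external database) are assumptions made for this sketch.

```javascript
// Constructed stand-in for an external session store (e.g. the database the
// question mentions); in a real function this would be a network call.
const sessionStore = new Map([
  ['sid-alice', { user: 'alice' }],
  ['sid-bob', { user: 'bob' }],
]);

// Extract the "sid" cookie value from an API Gateway style event (assumed shape).
function sessionIdFrom(event) {
  const cookie = (event.headers && event.headers.cookie) || '';
  const match = /(?:^|;\s*)sid=([^;]+)/.exec(cookie);
  return match ? match[1] : null;
}

// UNSAFE: module scope survives between invocations on a warm container.
let currentSession = null;
function leakyHandler(event) {
  const sid = sessionIdFrom(event);
  if (sid) currentSession = sessionStore.get(sid) || null;
  // A request without a cookie still sees the previous caller's session.
  return currentSession
    ? { statusCode: 200, body: currentSession.user }
    : { statusCode: 401, body: 'not signed in' };
}

// SAFE: the session is resolved per invocation and never kept at module scope.
function safeHandler(event) {
  const sid = sessionIdFrom(event);
  const session = sid ? sessionStore.get(sid) : undefined;
  return session
    ? { statusCode: 200, body: session.user }
    : { statusCode: 401, body: 'not signed in' };
}

// Simulate two invocations reusing one warm container (same Node.js process).
function simulate(handler) {
  const first = handler({ headers: { cookie: 'sid=sid-alice' } });
  const second = handler({ headers: {} }); // anonymous caller, no cookie
  return [first, second];
}

console.log('leaky:', simulate(leakyHandler).map(r => r.statusCode + ' ' + r.body));
console.log('safe: ', simulate(safeHandler).map(r => r.statusCode + ' ' + r.body));
```

The handlers are synchronous only to keep the simulation short; a deployed handler would be `async` and await the store lookup, with the same rule that nothing user-specific is assigned outside the handler's own scope.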


Author: Pano

Updated on June 07, 2022

Comments

  • Pano
    Pano almost 2 years

    I developed a website using node.js as the back-end. Recently I have been trying to make it serverless and deploy it to Lambda. I will rewrite most of my code but just haven't figured out how to maintain the session after the user has logged in. I was using the "express-session" module and the session data is all recorded in the database.

    To be honest, I don't have a very deep understanding of sessions. I searched on Google and did not find what I need. Does anyone have some sample code for maintaining sessions using Lambda, or any resources? Thanks a lot!

  • timhc22
    timhc22 over 6 years
    One thing I'm confused about is, what if you want to use an anonymous user and just store a 'state' string in an oauth flow. Is Cognito overkill for this? e.g. steps 2-4 here: jsapi.apiary.io/apis/starlingbankapi/reference/0/customer-ap‌​i/…
  • Khalid T.
    Khalid T. over 6 years
    @timhc22 I don't believe Cognito is the right option in this particular case. Personally, I'd use localStorage for that until the point I need to authenticate/sign up the user.