Featured image of post Django-dysession: The reasons you may want to choose aws dynamodb as session-database!
AWS Python Side Project Tech

Django-dysession: The reasons you may want to choose aws dynamodb as session-database!

django-dysession is a django extension by using AWS DynamoDB as a session backend. but why use dynamodb as session database?

When we are developing a web application, web sessions is an important part! There are many kinds of databases which are all great to store web session data. IMHO, I think NoSQL database is the most suitable one, especially AWS DynamoDB. But why? That’s the main topic in today’s article.

In this article, I am going to talk about the following topics:

  • What is web session?
  • What problems will we face when session records growing?
  • Databases for Web Session
  • How can we integrate DynamoDB Session with Django?

What is web session?

A web session is a sequence of network HTTP request and response transactions associated with the same user. Modern and complex web applications require the retaining of information or status about each user for the duration of multiple requests.

Therefore, sessions provide the ability to establish variables — such as access rights and localization settings — which will apply to each and every interaction a user has with the web application for the duration of the session.

― _OWASP Session Management_

Nowadays, due to the stateless HTTP, session keys are used to identify users from the incoming requests. Developers can save customized information for individual user to give a better user experience.

Session is not persistent data but ephemeral. When the session is expired on the server-side, user need to re-login again.

What problems will we face when session records growing?

This section we will talk about the factors that affect us to choose the best database for us.

  • Response time should be extremely fast

    One main problem is that one user can login many of times, which means one user can produce multiple session records in database. As the time shift on, the session database will be huge and slow to query.

  • Security

    Normally, We won’t put sensitive data into Session data. However, we still need to make sure that hackers won’t be able to steal session data from our database.

  • Scalability

    When the number of records growing, database will need horizontal scale. Therefore, how easy we can horizontal scale is an important factor that we need to take seriously.

  • Easy to change schema

    Schema of session data will change oftenly. So, NoSQL sounds like a very good choose to us.

Databases for Web Session

MySQL

Session data could save in one table. However, when the amount of session data grows, MySQL Database needs to setup a cluster to make sure the performance. Also, If we want to make sure the services is highly available, Multi-AZ standby is important! And these reasons will cost you an arm and a leg.

The data is persistent. Therefore the data won’t be delete until we scan and delete the expired data. And that makes us need more effort to maintain database.

Not easy to change data schema. Normally, if we choose MySQL to store our session data, we need to encode our data into string for saving. Example shown below.

Session data saved by Django ( MySQL )

Redis

In-memory database. The speed is extremely fast. But also, Multi-AZ and cluster will cost a lot of money. But we still need to manage these servers.

Redis has a “ttl” attribute to eliminate expired data.

Data schema is easy to change.

DynamoDB

AWS fully management Key-Value NoSQL Database. “AWS Fully Management” means that we won’t need extra effort to maintain our servers. We can just use the service. Also, when the amount of data growing too fast, we won’t need to scale by ourselves.

DynamoDB is serverless. AWS ensure that it is highly available.There is no need to create Multi-AZ standby for it.

DynamoDB has a “TTL attribute”. Amazon DynamoDB Time to Live (TTL) allows you to define a per-item timestamp to determine when an item is no longer needed. If any item don’t need a ttl, then you can easily remove the ttl attribute from the item. Very easy to control!

Also, DynamoDB is a NoSQL database. It’s easy to change data schema.

For the security, We can easily to use AWS IAM and AWS KMS to ensure the authority of access control and Data Encryption.

For me, DynamoDB is the best option to store web session Data.

Example of DynamoDB as Session Backend

How can we integrate DynamoDB Session with Django?

Django-Dysession preview

For Django developers, there is a awesome and easily to use project called “django-dysession”. This project is an install-able app for Django. And we can use DynamoDB Session Backend with only two lines of code!

1INSTALLED_APPS = [
2    ...
3    "dysession", # add dysession to installed apps
4    # 'django.contrib.sessions', # remove this default session
5    ...
6]
7
8SESSION_ENGINE = "dysession.backends.db"

https://github.com/MissterHao/django-dysession

© 2023 - 2024 Moo!! MissterHao! Coding!
All rights reserved,未經允許不得隨意轉載
Built with Hugo
Theme Stack designed by Jimmy