7
kc1116
8y

Question: Does using cookies for user session handling hinder the scalability of your backend because all the API's have to live on the same domain. Basically if one API starts to get a lot of request and you want to add another server to off balance the load you would have to add an entire webserver rather than just a small micro webserver with the API running on it mainly because cookies are used to authenticate user request and cookies don't survive CORS request. Am I right or don't know what the hell i'm talking about lol need some opinions I suggested we make all API's micro services and use JWT for user sessions

Comments
  • 3
    commenting to know opinions
  • 1
    load balancer ?
  • 1
    what about the load balancer ?
  • 4
  • 1
    No senior smart guys out there wanna answer this question huh ?
  • 1
    @kc1116 you'd use nginx as a load balancer, splitting traffic between x instances of your api. this way, nginx is first point (same domain, so not cors), but it sends some request to server x and some to server y.
  • 1
    yea I know that, but if your API is on the same webserver as your core application then you will have to add another instance of that application rather than just an instance of the API, how can I make cookies survive CORS request
  • 1
    @kc1116 I think you can define a cors setting for it with Access-Control-Allow-Credentials on the server, and configure your ajax calls to send authentication. I've done it at work and I'm certain it's possible. at work was with nodejs and angularjs
  • 1
    Okay will check it out thanks, have been trying to do this but with AngularJS and Golang back end
  • 1
  • 1
  • 1
    thanks 😎
Add Comment