I have a use case like this and I am wondering if this solution is a good practice or not.
Say I have a website called dashboard.com and this is only for the US region. When users log in here, I am storing their session in the USRedis instance. However, this dashboard has two buttons named USWebApp and EUWebApp.
Assume that this is the UI for dashboard.com (pardon the text-based UI). The dotted elements indicate HTML buttons. So I have two buttons named USWebApp and EUWebApp.
http://www.dashboard.com
---------- ----------
|USWebApp| |EUWebApp|
---------- ----------
Once the user is logged into dashboard.com and clicks USWebApp, I pass the session cookie to USWebApp and USWebApp calls USRedis to validate the session. If the session is not valid, then we redirect the user back to dashboard.com (and the user logs in again by typing credentials).
On the contrary, the user can click EUWebApp. Again I am passing dashboard.com's session cookie to EUWebApp. However, EUWebApp checks EURedis to validate this session. However, when the user logged into dashboard.com I only persisted their session to USRedis. So when EUWebApp tries to validate this session by looking in EURedis, it won't find the session since I never wrote to EURedis when the user logged into dashboard.com (main site) in the first place to begin with.
Two solutions that I can think of to solve this:
1) EUWebApp should talk to only USRedis, to validate the session instead of talking to EURedis or
2) when user logs into dashboard.com I should store their session in both USRedis and EURedis. Therefore USWebApp can use USRedis while EUWebApp can use EURedis to validate the user session.
What do you guys think about this? Especially the 2nd approach? Is that a good practice?
Apart from these two approaches, do you know any other solutions for my architecture?
More information in case interested (not really needed for this question): I am building a main site and integrating with a SAML IDP (Identity Provider). Think of dashboard.com as your company's main page where you have access to multiple apps like Word, Splunk, Teams, etc.
usUsers and euUsers roles in the SAML response and based on that I either disable USWebApp or EUWebApp buttons. However if they have access to both, then we need both apps and hence the question, should I need to write to 2 Redis instances so when user clicks USWebApp, the USWebApp can validate with USRedis and when user clicks EUWebApp, EUWebApp can validate their session with EURedis.
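As an added illustration, not part of the original post: a sketch of the second approach (writing the session to both stores at login), showing the two places where it needs care: a partial write and a logout that must reach every region. `FakeRedis` is an in-memory stand-in for USRedis and EURedis, and the key layout, TTL, function names and the role check inside `validate` are assumptions.

```python
import time

class FakeRedis:
    """In-memory stand-in for a Redis instance (constructed for this example)."""
    def __init__(self):
        self._data = {}
    def setex(self, key, ttl, value):
        self._data[key] = (value, time.monotonic() + ttl)
    def get(self, key):
        item = self._data.get(key)
        if item is None or item[1] <= time.monotonic():
            self._data.pop(key, None)  # missing or expired
            return None
        return item[0]
    def delete(self, key):
        self._data.pop(key, None)

STORES = {"US": FakeRedis(), "EU": FakeRedis()}   # stand-ins for USRedis / EURedis
REGION_ROLE = {"US": "usUsers", "EU": "euUsers"}  # role names from the post

def login(session_id, user, saml_roles, ttl=900):
    """Approach 2: dashboard.com writes to USRedis (its own store) and also
    to EURedis when the SAML response carries the euUsers role."""
    regions = ["US"] + (["EU"] if "euUsers" in saml_roles else [])
    key, written = f"session:{session_id}", []
    try:
        for region in regions:
            STORES[region].setex(key, ttl, (user, frozenset(saml_roles)))
            written.append(region)
    except Exception:
        for region in written:  # roll back a partial write
            STORES[region].delete(key)
        raise
    return regions

def validate(region, session_id):
    """A regional app checks only its own store; None means redirect to dashboard.com."""
    session = STORES[region].get(f"session:{session_id}")
    if session is None or REGION_ROLE[region] not in session[1]:
        return None  # a disabled button is not access control, so re-check the role
    return session[0]

def logout(session_id):
    """Revocation must reach every store, or the session stays valid in one region."""
    for store in STORES.values():
        store.delete(f"session:{session_id}")
```

With a real Redis client the same TTL has to be applied in both regions, otherwise the session expires in one app while still validating in the other.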