Designing web application: Session or session-less

Question

I wanted others to explain to me, which approach is better: using a session or designing it sessionless. We are starting development of a new web application and have not yet decided on what path to follow.

Session-less design IMO is more preferable:

Pros:

1. Scalability. We can have as many servers as we want without having to share a user session. Each of them can process requests (e.g. load balancing via round robin).
2. Saves server resources. We do not need to allocate memory on the server side (again - scalability).
3. No need to recover after a server restart.

Cons:

1. Having to keep some user related information in cookies (not critical).
2. Requires more coding (but not really much of coding).

Are there any topics we need to mind before taking the final decision?

Answer 1

Today's apps can quickly grow extremely big (just have a look at all those "tiny, simple" tools like pastebin, jsfiddle etc !). And at some point a 16 core high end machine is not enough (some people might say "you have to recode your app in order to save cpu power bla-bla", but the http-connection-limit per server is also a problem). So, if you are planning to build a public application that might become more popular than expected, starting "sessionless" is the way to go! To be honest, this will only affect people who write really big things.

The killer pros for sessions are: much less traffic to the mySQL database and much easier coding. But you will have to rewrite your entire system when your app goes big.

Answer 2

With in memory data solutions like REDIS and spring based abstraction to handle session, I don't think this question is even valid in today's context. It's obviously better to try to keep the app session-less but based on the need, one doesn't need to be so hard on themselves. Centralized session management will not cause issues with scaling as well.