The best way to store cart data and session data in e-commerce applications

How can we store the cart data or session data in an E-commerce application on the AWS platform?

Issue:

Consider a simple e-commerce application launched on AWS cloud. Let's say user A's request is sent to an instance in an availability zone A. User A adds a couple of items to the cart and all this session data is stored in the corresponding instance only. Here comes the issue, if the new request from user ‘A’ is sent to any other instance apart from the original one, the cart data is lost. Now let’s explore the possible solutions to tackle this problem.

Solution A: Sticky-session

We can enable stickiness on the Elastic load balancer, where ELB can identify the user and routes his / her request to the same instance again and again. This way cart data is captured but if the instance is terminated or the server goes down for some reason, we lose all the session data. Additionally, the traffic also is not uniformly distributed because of stickiness. The whole purpose of elastic load balancing is lost.

Solution B: Cookies

Many web applications use this method. Here rather than storing the session data on the server-side, we store the data on the client-side. Every time the user sends the request, the request carries the web cookies as well. This contains the cart information of the corresponding user. This solution works very fine except for two reasons i.e. HTTP request gets heavier and cookies can also be altered or attacked by the attacker, hence must be validated. 

Solution C: Server-side sessions 

Here user's session data is stored on the server-side i.e. on AWS elastic cache with a session-Id associated with the user. Every time the user logins in or tries to access his / her cart data (may it be with any instance), the data which is stored in the key/value pair from the elastic cache is retrieved. This fetches the updated data with minimal latency. This mechanism is more secure and as the data exchange happens via an internal network and it's all processed in a millisecond. Redis as ElasticCache can also be used for a distributed (Multi-AZ) session data management cache. Another alternative for storing session data in DynamoDB.

Conclusion

Out of all possible solutions, I shall recommend Solution 3 i.e. Server-side Session as the best one. It over-rules the other two solutions by giving us a secure and faster methods for storing and retrieving session data.

Thanks for reading.