In one of my previous project we implemented Security using JWT and Redis.
1. User logged in using OTP
2. We store latest JWT token in redis (accessToken for 10Min ) and user had to use same token to access our system. If user had multiple valid token they can only access with latest JWT. ( Client wanted user can atmost access a session for a week then forcely logout and refresh jwt token every 10 minute if accessing our system. )
In my recent interview this year one of Senior Engineer ( interviewer) told me that this is worst solution ever I heard. Why not you used DynamoDB instead of Redis here. What if redis started failing or started draining your data how user will access the application? ( Luckily we never faced that )
Can you please tell me is really that approach was worst ? And what will be the best approach or solution? Is DynamoDB an alternative and would it actually perform better here?
All 3 parts are goldmines, learned a lot.
I had a query related to Redis can I ask here ?
Thanks Zaid. Sure, go ahead.
In one of my previous project we implemented Security using JWT and Redis.
1. User logged in using OTP
2. We store latest JWT token in redis (accessToken for 10Min ) and user had to use same token to access our system. If user had multiple valid token they can only access with latest JWT. ( Client wanted user can atmost access a session for a week then forcely logout and refresh jwt token every 10 minute if accessing our system. )
In my recent interview this year one of Senior Engineer ( interviewer) told me that this is worst solution ever I heard. Why not you used DynamoDB instead of Redis here. What if redis started failing or started draining your data how user will access the application? ( Luckily we never faced that )
Can you please tell me is really that approach was worst ? And what will be the best approach or solution? Is DynamoDB an alternative and would it actually perform better here?
1. Redis being in-memory will always be faster than DynamoDB (NoSQL) or any other cold storage.
2. There are multiple solutions to make redis Highly Available
a. Use a backup DB (mysql/dynamoDB, etc) - This is basic solution which doesn't help much with HA
b. Enable snapshots - Redis provides RDB and AOF snapshots to restore data in case of a crash. Check https://redis.io/docs/latest/operate/oss_and_stack/management/persistence
c. Use a managed redis - AWS Elasticache
d. Maintain high replication factor for keys
e. Implement failover scenarios - Check Sentinel for automatic failover ( https://redis.io/learn/operate/redis-at-scale/high-availability/understanding-sentinels). Replicate data across different geographies.
f. Implement health checks and monitoring to detect failures beforehand
3. Managing sessions in redis through TTLs is super easy. In DynamoDB, you will have to handle that through application logic.
Thanks Aniket for detail explanation, I'll check all the solution provided by you.