Is this stateless?

[daveteu]

Readme states More secure, signature-based tamper-proof, does it means this works in stateless environment, where you do not require session stickiness?

[LyricTian]

If you want use this in stateless environment, need to use redis as session storage. Because the session depend on session id in cookie value, and session id associate custom store value. When we get user id from session actually use current session id to get user id in session store.

[daveteu]

Thanks @LyricTian, thank you for explanation.

So assuming if I use a go-session/redis, may I confirm I would not need to worry about sticky-cookie in a multi server environment (docker swarm, kubernetes), since all servers cookie data are sync in redis?

[Jackysi]

Sorry this is bit off topic, but can session be also "figured out" from JSON token? For API and such