无状态服务相关的讨论 | Discussions about stateless services

[findlayfeng]

ssp 大部分都可以是无状态的，但是 ratelimit 功能使用了临时文件缓存了服务状态，这导致在无状态部署的时候不得不开启验证码，这非常影响用户使用，我们是不是可以 使用 redis 或者其他的可配置的方式代替临时文件？

---

Most ssp can be stateless, but the ratelimit function uses temporary files to cache the service status, which results in the need to enable verification codes during stateless deployment, which greatly affects user usage. Can we use redis or other configurable methods instead of temporary files?

https://github.com/ltb-project/self-service-password/blob/f74c01ca4a9df7edf381154369dc653f5653e630/htdocs/index.php#L168

[coudot]

This can be a new feature

[dgeo]

We could just add doc about using a kind of sticky sessions (selecting backend by src ip for example), it's not perfect but avoids adding dependencies and is already working if you need HA

[davidcoutadeur]

I agree.

I have added a note in documentation about stateless service and sticky session: https://github.com/ltb-project/self-service-password/blob/master/docs/config_rate_limit.rst